========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"PC Suite Tray" = "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray -- [2010/05/14 10:32:30 | 001,479,680 | ---- | M] (Nokia)
< c:\windows\*.* /U >
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2011/01/03 14:55:11 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\Adobe
[2010/11/07 19:06:19 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\ArcSoft
[2011/02/06 18:58:51 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\BitTorrent
[2011/01/31 21:55:34 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\BSplayer PRO
[2010/11/06 03:21:19 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\Corel
[2010/11/06 03:21:37 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\CorelHomeOffice
[2011/01/20 22:09:33 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\DAEMON Tools Lite
[2010/11/05 10:04:16 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\DigitalPersona
[2010/11/06 03:18:01 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\ESET
[2011/01/05 23:17:25 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\GHISLER
[2010/11/10 21:51:46 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\Hewlett-Packard
[2010/11/05 10:08:28 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\hpqLog
[2010/11/05 10:16:51 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\Identities
[2010/11/05 10:11:12 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\InstallShield
[2010/11/05 10:17:15 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\Intel Corporation
[2011/01/30 17:43:39 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\IObit
[2011/02/06 20:28:37 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\LangSoft
[2010/11/05 20:42:59 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\Macromedia
[2011/02/07 21:28:58 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\Malwarebytes
[2011/02/08 15:09:19 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\Media Player Classic
[2011/02/06 20:16:24 | 000,000,000 | --SD | M] -- C:\Users\vlado\AppData\Roaming\Microsoft
[2010/11/09 22:02:06 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\Mozilla
[2011/02/06 23:42:15 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\Nokia
[2011/01/08 20:37:00 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\Nokia Ovi Suite
[2010/12/17 15:34:07 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\Nseries
[2010/11/06 03:25:32 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\Opera
[2011/02/02 15:16:27 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\PC Suite
[2010/12/17 16:37:55 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\PSpad
[2010/11/16 22:31:58 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\QIP
[2011/02/07 20:48:21 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\Rynga
[2011/02/09 22:26:25 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\Skype
[2011/02/09 16:06:12 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\skypePM
[2011/01/31 12:51:10 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\SoftGrid Client
[2010/12/14 21:56:01 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\TP
[2011/01/05 23:03:36 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\WinRAR
[2011/02/08 22:26:07 | 000,000,000 | ---D | M] -- C:\Users\vlado\AppData\Roaming\Wireshark
< %APPDATA%\*.exe /s >
< MD5 for: AGP440.SYS >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_0dbde3119acb22ca\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_dab2e93700ba2683\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16552_none_394a8c733b252fb9\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16593_none_39204d0d3b44b8d4\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20669_none_39d05b5854449cd5\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20713_none_3a006b1e5421763d\atapi.sys
< MD5 for: CDROM.SYS >
[2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\drivers\cdrom.sys
[2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: CRYPTSVC.DLL >
[2009/07/14 02:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\ERDNT\cache64\cryptsvc.dll
[2009/07/14 02:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\SysNative\cryptsvc.dll
[2009/07/14 02:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009/07/14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\ERDNT\cache86\cryptsvc.dll
[2009/07/14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009/07/14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
< MD5 for: EXPLORER.EXE >
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2010/09/02 20:03:45 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2010/09/02 20:03:45 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010/09/02 19:58:13 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2010/09/02 20:03:45 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\ERDNT\cache86\explorer.exe
[2010/09/02 20:03:45 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2010/09/02 20:03:45 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/09/02 19:58:13 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/09/02 20:03:45 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/09/02 19:58:13 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/09/02 20:03:45 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/09/02 19:58:13 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: HAL.DLL >
[2009/09/01 07:34:28 | 000,263,256 | ---- | M] (Microsoft Corporation) MD5=01B586A0B8C8D860457892F80B85A5CD -- C:\Windows\SysNative\hal.dll
[2009/09/01 07:34:28 | 000,263,256 | ---- | M] (Microsoft Corporation) MD5=01B586A0B8C8D860457892F80B85A5CD -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16416_none_076a95ef732190e3\hal.dll
[2009/09/01 08:03:17 | 000,263,240 | ---- | M] (Microsoft Corporation) MD5=514D418248FECD24D96E7219162BDFDD -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.20519_none_07f733988c3c7cb2\hal.dll
[2009/07/14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
< MD5 for: IASTOR.SYS >
[2010/03/04 04:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\swsetup\Drivers\32\HDD\iaStor.sys
[2010/03/04 04:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\swsetup\INTELRST\Drivers\x32\iaStor.sys
[2010/03/04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\swsetup\Drivers\64\HDD\iaStor.sys
[2010/03/04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\swsetup\INTELRST\Drivers\x64\iaStor.sys
[2010/03/04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_d73865c94450cce1\iaStor.sys
[2010/11/05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/11/05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys
< MD5 for: IASTORV.SYS >
[2010/05/12 09:37:57 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\SysNative\drivers\iaStorV.sys
[2010/05/12 09:37:57 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_c9199d57075f47a9\iaStorV.sys
[2010/05/12 09:37:57 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2010/05/12 09:50:37 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys
< MD5 for: ISAPNP.SYS >
[2009/07/14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\drivers\isapnp.sys
[2009/07/14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\isapnp.sys
[2009/07/14 02:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys
< MD5 for: LSASS.EXE >
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\ERDNT\cache64\lsass.exe
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\SysNative\lsass.exe
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe
< MD5 for: NDIS.SYS >
[2009/07/14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\ERDNT\cache64\ndis.sys
[2009/07/14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\SysNative\drivers\ndis.sys
[2009/07/14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys
< MD5 for: NETLOGON.DLL >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache86\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVRAID.SYS >
[2009/07/14 02:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009/07/14 02:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys
[2010/05/12 09:50:49 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=491E3CF1A4F0869E32197E34603B9BE1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvraid.sys
[2010/05/12 09:38:10 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=DEAB10231CBDB0881FC25428EBE11506 -- C:\Windows\SysNative\drivers\nvraid.sys
[2010/05/12 09:38:10 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=DEAB10231CBDB0881FC25428EBE11506 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_c09ee40f078b4594\nvraid.sys
[2010/05/12 09:38:10 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=DEAB10231CBDB0881FC25428EBE11506 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvraid.sys
< MD5 for: NVSTOR.SYS >
[2010/05/12 09:38:10 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\SysNative\drivers\nvstor.sys
[2010/05/12 09:38:10 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_c09ee40f078b4594\nvstor.sys
[2010/05/12 09:38:10 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2010/05/12 09:50:49 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache86\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\ERDNT\cache64\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
< MD5 for: SMSS.EXE >
[2009/07/14 02:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\SysNative\smss.exe
[2009/07/14 02:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe
< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: TCPIP.SYS >
[2010/06/14 07:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2010/06/14 07:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\ERDNT\cache64\tcpip.sys
[2010/06/14 07:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/06/14 07:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009/07/14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
< MD5 for: USERINIT.EXE >
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/09/02 20:03:45 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/09/02 20:03:45 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/09/02 20:03:45 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010/09/02 20:03:45 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WS2_32.DLL >
[2009/07/14 02:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\ERDNT\cache64\ws2_32.dll
[2009/07/14 02:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\SysNative\ws2_32.dll
[2009/07/14 02:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009/07/14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\ERDNT\cache86\ws2_32.dll
[2009/07/14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009/07/14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2011/02/09 15:19:42 | 000,000,018 | ---- | M] () -- C:\Windows\SysWOW64\log.txt
[2011/02/09 14:38:18 | 000,000,535 | ---- | M] () -- C:\Windows\SysWOW64\mapisvc.inf
[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]
< End of report >
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
preventivna:)
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: preventivna:)
A este jeden "sialeny" log:)
OTL Extras logfile created on: 2/9/2011 10:25:01 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\vlado\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 80.30 Gb Total Space | 43.79 Gb Free Space | 54.53% Space Free | Partition Type: NTFS
Drive D: | 200.50 Gb Total Space | 100.54 Gb Free Space | 50.15% Space Free | Partition Type: NTFS
Drive E: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.50% Space Free | Partition Type: FAT32
Computer Name: HP | User Name: vlado | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
.txt[@ = txtfile] -- Reg Error: Key error. File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.txt [@ = txtfile] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-1345732471-1687573740-328697185-1002\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04255D34-6C6D-4F63-A218-EE8FD2D13AF0}" = Privacy Manager for HP ProtectTools
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{088E976C-6B19-E3D3-1EAB-6E13B2D34CD7}" = ATI Catalyst Install Manager
"{32C278B2-BC1F-4018-8FB4-2012A40D9FC1}" = HP Power Assistant
"{3513DD3C-7680-4C7C-BF18-BA375D5F4132}" = Pre-Boot Security for HP ProtectTools
"{4BBA5224-C5B1-4B8C-AAA4-68DA6654B9C1}" = HP HotKey Support
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{516DA517-73A0-40F8-8CD9-E5ED4EC383E5}" = Validity Fingerprint Driver
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{67C090D6-109A-47D7-8DED-4160C4D96F32}" = HP 3D DriveGuard
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89D7DD37-5A15-46E0-9C3C-A0004C4F1A38}" = Drive Encryption for HP ProtectTools
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8D7B92C1-E4DD-42CC-816C-0955DBF1E430}" = ESET Smart Security
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{A78F11F2-A478-4BF8-A29A-63746D8A97C9}" = HP ProtectTools Security Manager
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}" = HP Wireless Assistant
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F2177395-FD90-44B0-AFB8-2E0566855E5C}" = HP Power Data
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem (06/09/2010 4.5)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"6B8550A319DDC8B17F35F4A89988705E4592349B" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"HPProtectTools" = HP ProtectTools Security Manager
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR archiver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}" = ArcSoft Webcam Sharing Manager
"{1E6219D4-027E-47EE-AB83-DD2F26E31A32}" = HP Setup
"{1EE88B84-7BE5-4FB5-8DEA-B81D5409D62E}" = Opera 11.00
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"{3B89785B-4E94-400A-8705-5841B14063A7}" = ArcSoft SimHD Assistant Plugin
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT3090 802.11b/g/n WiFi Adapter
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0054-0405-0000-0000000FF1CE}" = Microsoft Office Visio MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 5.0
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D9989A13-B173-4048-B8A5-93C204DCB1B3}" = HP ESU for Microsoft Windows 7
"{E05DB9F9-C8E7-45F2-BE9E-76D4C447CE9B}" = HP Software Framework
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = HP Webcam Driver
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}" = HP Support Assistant
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BitTorrent" = BitTorrent
"BSPlayerp" = BS.Player PRO
"CCleaner" = CCleaner
"CCProxy_is1" = CCProxy 6.8 Build on 20101015
"DAEMON Tools Lite" = DAEMON Tools Lite
"Drive Encryption" = Drive Encryption for HP ProtectTools
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.7.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Nokia PC Suite" = Nokia PC Suite
"OptiSystem_is1" = OptiSystem 7.0 (x86)
"Optiwave Shared Components (x86)_is1" = Optiwave Shared Components 2.0.1.7 (x86)
"PSPad editor_is1" = PSPad editor
"Rainbow Client Activator 2.2 English" = Client Activator 2.2 - English (3)
"Rainbow Client Activator 2.2 English All" = Client Activator 2.2 - English (All)
"Rynga_is1" = Rynga
"Totalcmd" = Total Commander (Remove or Repair)
"Veetle TV" = Veetle TV 0.9.18
"VISPRO" = Microsoft Office Visio Professional 2007
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.4.3
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
OTL Extras logfile created on: 2/9/2011 10:25:01 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\vlado\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 80.30 Gb Total Space | 43.79 Gb Free Space | 54.53% Space Free | Partition Type: NTFS
Drive D: | 200.50 Gb Total Space | 100.54 Gb Free Space | 50.15% Space Free | Partition Type: NTFS
Drive E: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.50% Space Free | Partition Type: FAT32
Computer Name: HP | User Name: vlado | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
.txt[@ = txtfile] -- Reg Error: Key error. File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.txt [@ = txtfile] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-1345732471-1687573740-328697185-1002\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04255D34-6C6D-4F63-A218-EE8FD2D13AF0}" = Privacy Manager for HP ProtectTools
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{088E976C-6B19-E3D3-1EAB-6E13B2D34CD7}" = ATI Catalyst Install Manager
"{32C278B2-BC1F-4018-8FB4-2012A40D9FC1}" = HP Power Assistant
"{3513DD3C-7680-4C7C-BF18-BA375D5F4132}" = Pre-Boot Security for HP ProtectTools
"{4BBA5224-C5B1-4B8C-AAA4-68DA6654B9C1}" = HP HotKey Support
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{516DA517-73A0-40F8-8CD9-E5ED4EC383E5}" = Validity Fingerprint Driver
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{67C090D6-109A-47D7-8DED-4160C4D96F32}" = HP 3D DriveGuard
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89D7DD37-5A15-46E0-9C3C-A0004C4F1A38}" = Drive Encryption for HP ProtectTools
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8D7B92C1-E4DD-42CC-816C-0955DBF1E430}" = ESET Smart Security
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{A78F11F2-A478-4BF8-A29A-63746D8A97C9}" = HP ProtectTools Security Manager
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}" = HP Wireless Assistant
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F2177395-FD90-44B0-AFB8-2E0566855E5C}" = HP Power Data
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem (06/09/2010 4.5)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"6B8550A319DDC8B17F35F4A89988705E4592349B" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"HPProtectTools" = HP ProtectTools Security Manager
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR archiver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}" = ArcSoft Webcam Sharing Manager
"{1E6219D4-027E-47EE-AB83-DD2F26E31A32}" = HP Setup
"{1EE88B84-7BE5-4FB5-8DEA-B81D5409D62E}" = Opera 11.00
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"{3B89785B-4E94-400A-8705-5841B14063A7}" = ArcSoft SimHD Assistant Plugin
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT3090 802.11b/g/n WiFi Adapter
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0054-0405-0000-0000000FF1CE}" = Microsoft Office Visio MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 5.0
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D9989A13-B173-4048-B8A5-93C204DCB1B3}" = HP ESU for Microsoft Windows 7
"{E05DB9F9-C8E7-45F2-BE9E-76D4C447CE9B}" = HP Software Framework
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = HP Webcam Driver
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}" = HP Support Assistant
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BitTorrent" = BitTorrent
"BSPlayerp" = BS.Player PRO
"CCleaner" = CCleaner
"CCProxy_is1" = CCProxy 6.8 Build on 20101015
"DAEMON Tools Lite" = DAEMON Tools Lite
"Drive Encryption" = Drive Encryption for HP ProtectTools
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.7.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Nokia PC Suite" = Nokia PC Suite
"OptiSystem_is1" = OptiSystem 7.0 (x86)
"Optiwave Shared Components (x86)_is1" = Optiwave Shared Components 2.0.1.7 (x86)
"PSPad editor_is1" = PSPad editor
"Rainbow Client Activator 2.2 English" = Client Activator 2.2 - English (3)
"Rainbow Client Activator 2.2 English All" = Client Activator 2.2 - English (All)
"Rynga_is1" = Rynga
"Totalcmd" = Total Commander (Remove or Repair)
"Veetle TV" = Veetle TV 0.9.18
"VISPRO" = Microsoft Office Visio Professional 2007
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.4.3
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Re: preventivna:)
Já na to mrknu zítra, ted už mě bolí oči a nevidím na to 
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: preventivna:)
Otestujte na www.virustotal.com
C:\windows\LPRES.DLL
C:\Users\vlado\PUTTY.RND
C:\windows\SysNative\drivers\SWDUMon.sys
C:\windows\LPRES.DLL
C:\Users\vlado\PUTTY.RND
C:\windows\SysNative\drivers\SWDUMon.sys
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: preventivna:)
súbory sú čisté
File name:
SWDUMon.sys
Submission date:
2011-02-10 12:34:50 (UTC)
Current status:
queued (#81) queued (#81) analysing finished
Result:
0/ 43 (0.0%)
File name:
SWDUMon.sys
Submission date:
2011-02-10 12:34:50 (UTC)
Current status:
queued (#81) queued (#81) analysing finished
Result:
0/ 43 (0.0%)
Re: preventivna:)
Spustte OTL-do bílého okna dole skopírujte tento skript:
Kód: Vybrat vše
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
:commands
[resethosts]
[emptytemp]
[EMPTYFLASH]
[clearallrestorepoints]
[Reboot]-klikněte na tlačítko opravit.
-Následně se pc restartuje.
- Log vložte zde
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: preventivna:)
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//about.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Exclude.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//FWEvent.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//LanguageSelection.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Message.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryCmd.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryNag.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyNotification.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//NOCLessUpdate.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//quarantine.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//ScanNow.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//strings.vbs/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Template.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Update.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//VirFound.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\*\ deleted successfully.
Invalid CLSID key: *
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\*\ not found.
Invalid CLSID key: *
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\betavscan\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\betavscan\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\www\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\www\ not found.
========== FILES ==========
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPCC53.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE71.tmp folder moved successfully.
C:\WINDOWS\Globalization\tl-PH-Nokia.tmp0 moved successfully.
C:\WINDOWS\Globalization\tl-PH-Nokia.tmp1 moved successfully.
C:\WINDOWS\Installer\MSI33F4.tmp moved successfully.
C:\WINDOWS\Installer\MSI3E18.tmp moved successfully.
C:\WINDOWS\Installer\MSI4F46.tmp moved successfully.
C:\WINDOWS\Installer\MSI58F3.tmp moved successfully.
C:\WINDOWS\Installer\MSI84CA.tmp moved successfully.
C:\WINDOWS\Installer\MSIA9BF.tmp moved successfully.
C:\WINDOWS\Installer\MSIC44.tmp moved successfully.
C:\WINDOWS\Installer\MSID46D.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\0a52f3c5619219f844becc0bab3e9084\BITE997.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\2754ec1593865b0d91b417b3e3f8ea21\BITE7BB.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\297e010eedecb73f780d95068d5339ad\BITE79B.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\37a03d62c21e6d058d65c57856e2d2a8\BITE909.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\3da64bba3d2111cbab05fe4f63aa38bb\BITE939.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\60124d34ee5514ab2b8dc48e79838ba2\BITE76B.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\6111ed28d7d8a5c80cd5e49ce2e860a1\BITE6EC.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\a3bb71ad37da113da2ce5b18d7f0cfb0\BITE9C7.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\ab68498e240be9945d437d840d62fb05\BITE72B.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\ad28a081d6c53bc33a95718d0553dd01\BITE86B.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\c8c9d9758fe376f91f68553e52126c8a\BITE80B.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\d5e70aa23b9abe6d0bcb08de43514748\BITE74B.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\dbefdbfa5f958742be133870d439deca\BITE7EB.tmp moved successfully.
C:\WINDOWS\System32\shoA3F0.tmp moved successfully.
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icoA7A9.tmp moved successfully.
C:\WINDOWS\temp\NOD10D6.tmp moved successfully.
C:\WINDOWS\temp\NOD10D7.tmp moved successfully.
C:\WINDOWS\temp\NOD10D8.tmp moved successfully.
C:\WINDOWS\temp\NOD10D9.tmp moved successfully.
C:\WINDOWS\temp\NOD10DA.tmp moved successfully.
C:\WINDOWS\temp\NOD10DB.tmp moved successfully.
C:\WINDOWS\temp\NOD10DC.tmp moved successfully.
C:\WINDOWS\temp\NOD10DD.tmp moved successfully.
C:\WINDOWS\temp\NOD10DE.tmp moved successfully.
C:\WINDOWS\temp\NOD10DF.tmp moved successfully.
C:\WINDOWS\temp\NOD10E0.tmp moved successfully.
C:\WINDOWS\temp\NOD10E1.tmp moved successfully.
C:\WINDOWS\temp\NOD10E2.tmp moved successfully.
C:\WINDOWS\temp\NOD10E3.tmp moved successfully.
C:\WINDOWS\temp\NOD10E4.tmp moved successfully.
C:\WINDOWS\temp\NOD10E5.tmp moved successfully.
C:\WINDOWS\temp\NOD10E6.tmp moved successfully.
C:\WINDOWS\temp\NOD1106.tmp moved successfully.
C:\WINDOWS\temp\NOD12CC.tmp moved successfully.
C:\WINDOWS\temp\NOD38F0.tmp moved successfully.
C:\WINDOWS\temp\NOD3E02.tmp moved successfully.
C:\WINDOWS\temp\NOD3E03.tmp moved successfully.
C:\WINDOWS\temp\NOD3E04.tmp moved successfully.
C:\WINDOWS\temp\NOD551D.tmp moved successfully.
C:\WINDOWS\temp\NOD551E.tmp moved successfully.
C:\WINDOWS\temp\NOD551F.tmp moved successfully.
C:\WINDOWS\temp\NOD5520.tmp moved successfully.
C:\WINDOWS\temp\NOD5521.tmp moved successfully.
C:\WINDOWS\temp\NOD5522.tmp moved successfully.
C:\WINDOWS\temp\NOD5523.tmp moved successfully.
C:\WINDOWS\temp\NOD5524.tmp moved successfully.
C:\WINDOWS\temp\NOD8A5.tmp moved successfully.
C:\WINDOWS\temp\NOD8A6.tmp moved successfully.
C:\WINDOWS\temp\NOD8A7.tmp moved successfully.
C:\WINDOWS\temp\NOD8A8.tmp moved successfully.
C:\WINDOWS\temp\NOD8A9.tmp moved successfully.
C:\WINDOWS\temp\NOD8AA.tmp moved successfully.
C:\WINDOWS\temp\NOD8AB.tmp moved successfully.
C:\WINDOWS\temp\NOD919.tmp moved successfully.
C:\WINDOWS\temp\NOD91A.tmp moved successfully.
C:\WINDOWS\temp\NOD92B.tmp moved successfully.
C:\WINDOWS\temp\NOD92C.tmp moved successfully.
C:\WINDOWS\temp\NOD92D.tmp moved successfully.
C:\WINDOWS\temp\NOD92E.tmp moved successfully.
C:\WINDOWS\temp\NOD92F.tmp moved successfully.
C:\WINDOWS\temp\NOD930.tmp moved successfully.
C:\WINDOWS\temp\NOD93C2.tmp moved successfully.
C:\WINDOWS\temp\NOD93C3.tmp moved successfully.
C:\WINDOWS\temp\NOD93C4.tmp moved successfully.
C:\WINDOWS\temp\NOD9834.tmp moved successfully.
C:\WINDOWS\temp\NOD9835.tmp moved successfully.
C:\WINDOWS\temp\NOD9836.tmp moved successfully.
C:\WINDOWS\temp\NOD9837.tmp moved successfully.
C:\WINDOWS\temp\NOD9838.tmp moved successfully.
C:\WINDOWS\temp\NOD9839.tmp moved successfully.
C:\WINDOWS\temp\NOD983A.tmp moved successfully.
C:\WINDOWS\temp\NOD983B.tmp moved successfully.
C:\WINDOWS\temp\NOD983C.tmp moved successfully.
C:\WINDOWS\temp\NOD983D.tmp moved successfully.
C:\WINDOWS\temp\NOD983E.tmp moved successfully.
C:\WINDOWS\temp\NOD984F.tmp moved successfully.
C:\WINDOWS\temp\NOD9850.tmp moved successfully.
C:\WINDOWS\temp\NOD9851.tmp moved successfully.
C:\WINDOWS\temp\NOD9871.tmp moved successfully.
C:\WINDOWS\temp\NOD9872.tmp moved successfully.
C:\WINDOWS\temp\NOD9873.tmp moved successfully.
C:\WINDOWS\temp\NOD9874.tmp moved successfully.
C:\WINDOWS\temp\NOD9875.tmp moved successfully.
C:\WINDOWS\temp\NOD9876.tmp moved successfully.
C:\WINDOWS\temp\NOD9877.tmp moved successfully.
C:\WINDOWS\temp\NOD9878.tmp moved successfully.
C:\WINDOWS\temp\NOD9879.tmp moved successfully.
C:\WINDOWS\temp\NOD987A.tmp moved successfully.
C:\WINDOWS\temp\NOD987B.tmp moved successfully.
C:\WINDOWS\temp\NOD987C.tmp moved successfully.
C:\WINDOWS\temp\NOD987D.tmp moved successfully.
C:\WINDOWS\temp\NOD987E.tmp moved successfully.
C:\WINDOWS\temp\NOD987F.tmp moved successfully.
C:\WINDOWS\temp\NOD9880.tmp moved successfully.
C:\WINDOWS\temp\NODBC28.tmp moved successfully.
C:\WINDOWS\temp\NODD25F.tmp moved successfully.
C:\WINDOWS\temp\NODD30C.tmp moved successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: vlado
->Temp folder emptied: 3630928 bytes
->Temporary Internet Files folder emptied: 637276 bytes
->Java cache emptied: 3034 bytes
->FireFox cache emptied: 107775907 bytes
->Opera cache emptied: 348409 bytes
->Flash cache emptied: 1958 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 1692304 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 152203 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 545360 bytes
Total Files Cleaned = 110.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Public
User: vlado
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.20.6 log created on 02102011_220622
Files\Folders moved on Reboot...
C:\Users\vlado\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\windows\SysNative\AESTAR64.tmp not found!
File\Folder C:\windows\SysNative\stapo64.tmp not found!
Registry entries deleted on Reboot...
========== OTL ==========
No active process named explorer.exe was found!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//about.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Exclude.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//FWEvent.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//LanguageSelection.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Message.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryCmd.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryNag.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyNotification.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//NOCLessUpdate.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//quarantine.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//ScanNow.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//strings.vbs/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Template.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Update.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//VirFound.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\*\ deleted successfully.
Invalid CLSID key: *
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\*\ not found.
Invalid CLSID key: *
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\betavscan\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\betavscan\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\www\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\www\ not found.
========== FILES ==========
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPCC53.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE71.tmp folder moved successfully.
C:\WINDOWS\Globalization\tl-PH-Nokia.tmp0 moved successfully.
C:\WINDOWS\Globalization\tl-PH-Nokia.tmp1 moved successfully.
C:\WINDOWS\Installer\MSI33F4.tmp moved successfully.
C:\WINDOWS\Installer\MSI3E18.tmp moved successfully.
C:\WINDOWS\Installer\MSI4F46.tmp moved successfully.
C:\WINDOWS\Installer\MSI58F3.tmp moved successfully.
C:\WINDOWS\Installer\MSI84CA.tmp moved successfully.
C:\WINDOWS\Installer\MSIA9BF.tmp moved successfully.
C:\WINDOWS\Installer\MSIC44.tmp moved successfully.
C:\WINDOWS\Installer\MSID46D.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\0a52f3c5619219f844becc0bab3e9084\BITE997.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\2754ec1593865b0d91b417b3e3f8ea21\BITE7BB.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\297e010eedecb73f780d95068d5339ad\BITE79B.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\37a03d62c21e6d058d65c57856e2d2a8\BITE909.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\3da64bba3d2111cbab05fe4f63aa38bb\BITE939.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\60124d34ee5514ab2b8dc48e79838ba2\BITE76B.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\6111ed28d7d8a5c80cd5e49ce2e860a1\BITE6EC.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\a3bb71ad37da113da2ce5b18d7f0cfb0\BITE9C7.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\ab68498e240be9945d437d840d62fb05\BITE72B.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\ad28a081d6c53bc33a95718d0553dd01\BITE86B.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\c8c9d9758fe376f91f68553e52126c8a\BITE80B.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\d5e70aa23b9abe6d0bcb08de43514748\BITE74B.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\dbefdbfa5f958742be133870d439deca\BITE7EB.tmp moved successfully.
C:\WINDOWS\System32\shoA3F0.tmp moved successfully.
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icoA7A9.tmp moved successfully.
C:\WINDOWS\temp\NOD10D6.tmp moved successfully.
C:\WINDOWS\temp\NOD10D7.tmp moved successfully.
C:\WINDOWS\temp\NOD10D8.tmp moved successfully.
C:\WINDOWS\temp\NOD10D9.tmp moved successfully.
C:\WINDOWS\temp\NOD10DA.tmp moved successfully.
C:\WINDOWS\temp\NOD10DB.tmp moved successfully.
C:\WINDOWS\temp\NOD10DC.tmp moved successfully.
C:\WINDOWS\temp\NOD10DD.tmp moved successfully.
C:\WINDOWS\temp\NOD10DE.tmp moved successfully.
C:\WINDOWS\temp\NOD10DF.tmp moved successfully.
C:\WINDOWS\temp\NOD10E0.tmp moved successfully.
C:\WINDOWS\temp\NOD10E1.tmp moved successfully.
C:\WINDOWS\temp\NOD10E2.tmp moved successfully.
C:\WINDOWS\temp\NOD10E3.tmp moved successfully.
C:\WINDOWS\temp\NOD10E4.tmp moved successfully.
C:\WINDOWS\temp\NOD10E5.tmp moved successfully.
C:\WINDOWS\temp\NOD10E6.tmp moved successfully.
C:\WINDOWS\temp\NOD1106.tmp moved successfully.
C:\WINDOWS\temp\NOD12CC.tmp moved successfully.
C:\WINDOWS\temp\NOD38F0.tmp moved successfully.
C:\WINDOWS\temp\NOD3E02.tmp moved successfully.
C:\WINDOWS\temp\NOD3E03.tmp moved successfully.
C:\WINDOWS\temp\NOD3E04.tmp moved successfully.
C:\WINDOWS\temp\NOD551D.tmp moved successfully.
C:\WINDOWS\temp\NOD551E.tmp moved successfully.
C:\WINDOWS\temp\NOD551F.tmp moved successfully.
C:\WINDOWS\temp\NOD5520.tmp moved successfully.
C:\WINDOWS\temp\NOD5521.tmp moved successfully.
C:\WINDOWS\temp\NOD5522.tmp moved successfully.
C:\WINDOWS\temp\NOD5523.tmp moved successfully.
C:\WINDOWS\temp\NOD5524.tmp moved successfully.
C:\WINDOWS\temp\NOD8A5.tmp moved successfully.
C:\WINDOWS\temp\NOD8A6.tmp moved successfully.
C:\WINDOWS\temp\NOD8A7.tmp moved successfully.
C:\WINDOWS\temp\NOD8A8.tmp moved successfully.
C:\WINDOWS\temp\NOD8A9.tmp moved successfully.
C:\WINDOWS\temp\NOD8AA.tmp moved successfully.
C:\WINDOWS\temp\NOD8AB.tmp moved successfully.
C:\WINDOWS\temp\NOD919.tmp moved successfully.
C:\WINDOWS\temp\NOD91A.tmp moved successfully.
C:\WINDOWS\temp\NOD92B.tmp moved successfully.
C:\WINDOWS\temp\NOD92C.tmp moved successfully.
C:\WINDOWS\temp\NOD92D.tmp moved successfully.
C:\WINDOWS\temp\NOD92E.tmp moved successfully.
C:\WINDOWS\temp\NOD92F.tmp moved successfully.
C:\WINDOWS\temp\NOD930.tmp moved successfully.
C:\WINDOWS\temp\NOD93C2.tmp moved successfully.
C:\WINDOWS\temp\NOD93C3.tmp moved successfully.
C:\WINDOWS\temp\NOD93C4.tmp moved successfully.
C:\WINDOWS\temp\NOD9834.tmp moved successfully.
C:\WINDOWS\temp\NOD9835.tmp moved successfully.
C:\WINDOWS\temp\NOD9836.tmp moved successfully.
C:\WINDOWS\temp\NOD9837.tmp moved successfully.
C:\WINDOWS\temp\NOD9838.tmp moved successfully.
C:\WINDOWS\temp\NOD9839.tmp moved successfully.
C:\WINDOWS\temp\NOD983A.tmp moved successfully.
C:\WINDOWS\temp\NOD983B.tmp moved successfully.
C:\WINDOWS\temp\NOD983C.tmp moved successfully.
C:\WINDOWS\temp\NOD983D.tmp moved successfully.
C:\WINDOWS\temp\NOD983E.tmp moved successfully.
C:\WINDOWS\temp\NOD984F.tmp moved successfully.
C:\WINDOWS\temp\NOD9850.tmp moved successfully.
C:\WINDOWS\temp\NOD9851.tmp moved successfully.
C:\WINDOWS\temp\NOD9871.tmp moved successfully.
C:\WINDOWS\temp\NOD9872.tmp moved successfully.
C:\WINDOWS\temp\NOD9873.tmp moved successfully.
C:\WINDOWS\temp\NOD9874.tmp moved successfully.
C:\WINDOWS\temp\NOD9875.tmp moved successfully.
C:\WINDOWS\temp\NOD9876.tmp moved successfully.
C:\WINDOWS\temp\NOD9877.tmp moved successfully.
C:\WINDOWS\temp\NOD9878.tmp moved successfully.
C:\WINDOWS\temp\NOD9879.tmp moved successfully.
C:\WINDOWS\temp\NOD987A.tmp moved successfully.
C:\WINDOWS\temp\NOD987B.tmp moved successfully.
C:\WINDOWS\temp\NOD987C.tmp moved successfully.
C:\WINDOWS\temp\NOD987D.tmp moved successfully.
C:\WINDOWS\temp\NOD987E.tmp moved successfully.
C:\WINDOWS\temp\NOD987F.tmp moved successfully.
C:\WINDOWS\temp\NOD9880.tmp moved successfully.
C:\WINDOWS\temp\NODBC28.tmp moved successfully.
C:\WINDOWS\temp\NODD25F.tmp moved successfully.
C:\WINDOWS\temp\NODD30C.tmp moved successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: vlado
->Temp folder emptied: 3630928 bytes
->Temporary Internet Files folder emptied: 637276 bytes
->Java cache emptied: 3034 bytes
->FireFox cache emptied: 107775907 bytes
->Opera cache emptied: 348409 bytes
->Flash cache emptied: 1958 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 1692304 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 152203 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 545360 bytes
Total Files Cleaned = 110.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Public
User: vlado
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.20.6 log created on 02102011_220622
Files\Folders moved on Reboot...
C:\Users\vlado\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\windows\SysNative\AESTAR64.tmp not found!
File\Folder C:\windows\SysNative\stapo64.tmp not found!
Registry entries deleted on Reboot...
Re: preventivna:)
Poprosím o nový log ze Rsitu. Jak to vypadá s počítačem?
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: preventivna:)
Nezaznamenal som nejaké veľké zmeny, Už sa mi nespúšťa HP security inak všetko OK
Logfile of random's system information tool 1.08 (written by random/random)
Run by vlado at 2011-02-14 15:22:30
Microsoft Windows 7 Home Premium
System drive C: has 46 GB (56%) free of 82 GB
Total RAM: 2927 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:22:52 PM, on 2/14/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\vlado.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit pøekladaè - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Pøeložit &oznaèený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Pøeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E76A8FC-627C-45D6-B073-3EE3307BB182}: NameServer = 160.218.161.60 194.228.211.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E76A8FC-627C-45D6-B073-3EE3307BB182}: NameServer = 160.218.161.60 194.228.211.33
O17 - HKLM\System\CS2\Services\Tcpip\..\{1E76A8FC-627C-45D6-B073-3EE3307BB182}: NameServer = 160.218.161.60 194.228.211.33
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: DEBridge - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\system\uArcCapture.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10643 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
"c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe"
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
winlogon.exe
C:\windows\system32\Hpservice.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\windows\system\uArcCapture.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\wbem\wmiprvse.exe
"c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe"
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe"
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\windows\system32\SearchIndexer.exe /Embedding
"taskhost.exe"
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" /hidden
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
C:\windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"
{C0CD60D1-8605-458E-888C-98A9DEE09829}
{AF3F73F7-3D0C-4929-9648-85460260ABF6}
{34432409-0741-405C-B05F-C403C1EA99F2}
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-afa33d62-610e-4d21-ad20-b77813ce209a -SystemEventPortName:HostProcess-ff3350e1-ddda-4ad8-8515-b5d6c2621623 -IoCancelEventPortName:HostProcess-bacd1e24-0a1a-4524-a08f-04292122a2d6 -NonStateChangingEventPortName:HostProcess-32ff5c1f-98b4-497b-9f96-2104ab141e0e -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:65f725cb-01af-43c3-a9e5-6d927a502343
C:\windows\system32\svchost.exe -k imgsvc
"C:\windows\system32\wuauclt.exe"
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" /hidden
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe" "<hpNotification><Toast><Title>HP Wireless Assistant</Title><Text>Combo: Off</Text><IconPath>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WA_tray_32_off.ico</IconPath><ID>267107895</ID><Path>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe</Path><Parameters></Parameters></Toast></hpNotification>"
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
"C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe" /SILENT
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=1080.85725c0.1145209709 "C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll" 1080 plugin \\.\pipe\gecko-crash-server-pipe.1080
"C:\Users\vlado\Downloads\RSITx64.exe"
C:\windows\System32\svchost.exe -k WerSvcGroup
======Scheduled tasks folder======
C:\windows\tasks\HPCeeScheduleForvlado.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
HP ProtectTools Security Manager Extension - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2009-12-03 2187528]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-10 62376]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2010-11-08 520192]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
HP ProtectTools Security Manager Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2009-12-03 1471752]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-12-04 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2010-11-08 520192]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"=C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2010-06-19 1691192]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-04 2174760]
"HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-04-05 8192]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-08-12 2916584]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2010-11-10 166424]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2010-11-10 390680]
"Persistence"=C:\windows\system32\igfxpers.exe [2010-11-10 410136]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"=C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-05-14 1479680]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-10 932288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DTRun]
c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2009-09-29 1685048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-11-05 283160]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2010-12-20 443728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe -resume []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia FastStart]
C:\Program Files (x86)\Nokia\Nokia Music\NokiaMusic.exe /command:faststart []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
C:\Program Files (x86)\PDF Complete\pdfsty.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QLBController]
C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [2010-03-01 256056]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-11-05 283160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2010-11-10 268800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\windows\system32\webcheck.dll [2009-07-14 290304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=1
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.txt - open -
======List of files/folders created in the last 1 months======
2011-02-14 14:07:44 ----A---- C:\windows\system32\mshtml.dll
2011-02-14 14:07:43 ----A---- C:\windows\SYSWOW64\mshtml.dll
2011-02-14 14:07:38 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2011-02-14 14:07:37 ----A---- C:\windows\SYSWOW64\mstime.dll
2011-02-14 14:07:37 ----A---- C:\windows\SYSWOW64\iedkcs32.dll
2011-02-14 14:07:37 ----A---- C:\windows\system32\mstime.dll
2011-02-14 14:07:37 ----A---- C:\windows\system32\msfeeds.dll
2011-02-14 14:07:37 ----A---- C:\windows\system32\iedkcs32.dll
2011-02-14 14:07:36 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2011-02-14 14:07:36 ----A---- C:\windows\SYSWOW64\msfeedssync.exe
2011-02-14 14:07:36 ----A---- C:\windows\SYSWOW64\msfeedsbs.dll
2011-02-14 14:07:36 ----A---- C:\windows\SYSWOW64\licmgr10.dll
2011-02-14 14:07:36 ----A---- C:\windows\SYSWOW64\iertutil.dll
2011-02-14 14:07:36 ----A---- C:\windows\SYSWOW64\iepeers.dll
2011-02-14 14:07:36 ----A---- C:\windows\system32\mshtmled.dll
2011-02-14 14:07:36 ----A---- C:\windows\system32\msfeedssync.exe
2011-02-14 14:07:36 ----A---- C:\windows\system32\msfeedsbs.dll
2011-02-14 14:07:36 ----A---- C:\windows\system32\licmgr10.dll
2011-02-14 14:07:36 ----A---- C:\windows\system32\iertutil.dll
2011-02-14 14:07:36 ----A---- C:\windows\system32\iepeers.dll
2011-02-14 13:41:32 ----A---- C:\windows\system32\ntoskrnl.exe
2011-02-14 13:41:31 ----A---- C:\windows\SYSWOW64\ntdll.dll
2011-02-14 13:41:31 ----A---- C:\windows\system32\ntdll.dll
2011-02-14 13:41:30 ----A---- C:\windows\SYSWOW64\ntoskrnl.exe
2011-02-14 13:41:30 ----A---- C:\windows\SYSWOW64\ntkrnlpa.exe
2011-02-14 13:40:17 ----A---- C:\windows\SYSWOW64\upnp.dll
2011-02-14 13:40:17 ----A---- C:\windows\system32\urlmon.dll
2011-02-14 13:40:17 ----A---- C:\windows\system32\upnp.dll
2011-02-14 13:40:17 ----A---- C:\windows\system32\msxml6.dll
2011-02-14 13:40:17 ----A---- C:\windows\system32\msxml3.dll
2011-02-14 13:40:16 ----A---- C:\windows\SYSWOW64\urlmon.dll
2011-02-14 13:40:16 ----A---- C:\windows\system32\wininet.dll
2011-02-14 13:40:15 ----A---- C:\windows\SYSWOW64\wininet.dll
2011-02-14 13:40:15 ----A---- C:\windows\SYSWOW64\msxml6.dll
2011-02-14 13:40:15 ----A---- C:\windows\SYSWOW64\msxml3.dll
2011-02-14 13:40:15 ----A---- C:\windows\system32\winhttp.dll
2011-02-14 13:40:15 ----A---- C:\windows\system32\WebClnt.dll
2011-02-14 13:40:15 ----A---- C:\windows\system32\davclnt.dll
2011-02-14 13:40:14 ----A---- C:\windows\SYSWOW64\WebClnt.dll
2011-02-14 13:40:14 ----A---- C:\windows\SYSWOW64\ieframe.dll
2011-02-14 13:40:14 ----A---- C:\windows\system32\wscapi.dll
2011-02-14 13:40:13 ----A---- C:\windows\SYSWOW64\wscapi.dll
2011-02-14 13:40:13 ----A---- C:\windows\SYSWOW64\winhttp.dll
2011-02-14 13:40:13 ----A---- C:\windows\SYSWOW64\slwga.dll
2011-02-14 13:40:13 ----A---- C:\windows\SYSWOW64\davclnt.dll
2011-02-14 13:40:13 ----A---- C:\windows\system32\wscsvc.dll
2011-02-14 13:40:13 ----A---- C:\windows\system32\slwga.dll
2011-02-14 13:40:13 ----A---- C:\windows\system32\ieframe.dll
2011-02-10 23:38:14 ----D---- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2011-02-10 23:28:09 ----A---- C:\windows\system32\drivers\dxgmms1.sys
2011-02-10 23:28:09 ----A---- C:\windows\system32\drivers\dxgkrnl.sys
2011-02-10 23:28:09 ----A---- C:\windows\system32\cdd.dll
2011-02-10 23:28:03 ----A---- C:\windows\SYSWOW64\vbscript.dll
2011-02-10 23:28:03 ----A---- C:\windows\SYSWOW64\jscript.dll
2011-02-10 23:28:03 ----A---- C:\windows\system32\vbscript.dll
2011-02-10 23:28:03 ----A---- C:\windows\system32\jscript.dll
2011-02-10 23:25:39 ----A---- C:\windows\system32\winsrv.dll
2011-02-10 23:24:04 ----A---- C:\windows\system32\kerberos.dll
2011-02-10 23:24:03 ----A---- C:\windows\SYSWOW64\kerberos.dll
2011-02-10 23:23:08 ----A---- C:\windows\SYSWOW64\atmlib.dll
2011-02-10 23:23:08 ----A---- C:\windows\SYSWOW64\atmfd.dll
2011-02-10 23:23:08 ----A---- C:\windows\system32\atmlib.dll
2011-02-10 23:23:08 ----A---- C:\windows\system32\atmfd.dll
2011-02-10 23:22:39 ----A---- C:\windows\system32\win32k.sys
2011-02-10 22:06:22 ----D---- C:\_OTL
2011-02-09 15:24:43 ----A---- C:\windows\SWXCACLS.exe
2011-02-09 15:22:17 ----D---- C:\windows\temp
2011-02-09 15:19:57 ----SHD---- C:\$RECYCLE.BIN
2011-02-09 14:50:43 ----A---- C:\windows\zip.exe
2011-02-09 14:50:43 ----A---- C:\windows\SWSC.exe
2011-02-09 14:50:43 ----A---- C:\windows\SWREG.exe
2011-02-09 14:50:43 ----A---- C:\windows\sed.exe
2011-02-09 14:50:43 ----A---- C:\windows\PEV.exe
2011-02-09 14:50:43 ----A---- C:\windows\NIRCMD.exe
2011-02-09 14:50:43 ----A---- C:\windows\MBR.exe
2011-02-09 14:50:43 ----A---- C:\windows\grep.exe
2011-02-09 14:40:25 ----D---- C:\windows\ERDNT
2011-02-09 14:40:04 ----D---- C:\Qoobox
2011-02-09 13:41:41 ----A---- C:\windows\system32\drivers\cpuz134_x64.sys
2011-02-09 13:41:40 ----D---- C:\Program Files\CPUID
2011-02-08 22:23:03 ----D---- C:\Users\vlado\AppData\Roaming\Wireshark
2011-02-08 22:22:16 ----D---- C:\Program Files (x86)\WinPcap
2011-02-08 22:21:46 ----D---- C:\Program Files\Wireshark
2011-02-08 20:03:12 ----A---- C:\windows\SYSWOW64\drivers\mbamswissarmy.sys
2011-02-08 19:34:09 ----D---- C:\Program Files (x86)\Zone Labs
2011-02-08 19:34:00 ----D---- C:\ProgramData\CheckPoint
2011-02-08 19:33:59 ----D---- C:\windows\Internet Logs
2011-02-07 22:09:59 ----D---- C:\Program Files\trend micro
2011-02-07 22:09:58 ----D---- C:\rsit
2011-02-07 21:28:58 ----D---- C:\Users\vlado\AppData\Roaming\Malwarebytes
2011-02-07 21:28:50 ----D---- C:\ProgramData\Malwarebytes
2011-02-07 21:28:46 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-07 21:28:46 ----A---- C:\windows\system32\drivers\mbam.sys
2011-02-07 21:13:00 ----D---- C:\Program Files (x86)\CCleaner
2011-02-06 20:17:03 ----D---- C:\Program Files (x86)\Microsoft Visual Studio
2011-02-04 21:39:00 ----A---- C:\windows\vbaddin.ini
2011-02-04 21:38:19 ----A---- C:\windows\ODBC.INI
2011-02-04 21:33:12 ----D---- C:\Program Files (x86)\Microsoft Works
2011-02-04 21:32:40 ----D---- C:\windows\PCHEALTH
2011-02-04 21:30:40 ----D---- C:\Program Files\GIMP-2.0
2011-01-31 15:35:09 ----D---- C:\Program Files (x86)\Maxis Broadband
2011-01-31 14:05:09 ----D---- C:\Program Files (x86)\Mobile Partner
2011-01-31 12:47:08 ----A---- C:\windows\system32\drivers\SWDUMon.sys
2011-01-31 12:47:03 ----D---- C:\Program Files (x86)\SlimDrivers
2011-01-29 12:12:07 ----A---- C:\windows\system32\drivers\VMM.sys
2011-01-25 17:37:52 ----D---- C:\Program Files (x86)\Microsoft Virtual PC
2011-01-25 16:02:51 ----A---- C:\windows\system32\drivers\sptd.sys
2011-01-20 22:10:59 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-01-20 22:10:28 ----D---- C:\ProgramData\Microsoft Help
2011-01-20 22:10:00 ----RD---- C:\MSOCache
2011-01-19 22:19:37 ----A---- C:\windows\system32\drivers\dtsoftbus01.sys
2011-01-19 22:19:31 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2011-01-19 22:18:55 ----D---- C:\Users\vlado\AppData\Roaming\DAEMON Tools Lite
2011-01-19 22:18:55 ----D---- C:\ProgramData\DAEMON Tools Lite
2011-01-18 17:02:47 ----D---- C:\Program Files (x86)\OnCourt
2011-01-15 20:41:00 ----D---- C:\Program Files (x86)\Veetle
======List of files/folders modified in the last 1 months======
2011-02-14 15:04:20 ----D---- C:\Users\vlado\AppData\Roaming\Skype
2011-02-14 14:45:18 ----D---- C:\windows\system32\config
2011-02-14 14:23:46 ----D---- C:\windows\System32
2011-02-14 14:23:46 ----D---- C:\windows\inf
2011-02-14 14:23:46 ----A---- C:\windows\system32\PerfStringBackup.INI
2011-02-14 14:19:37 ----D---- C:\windows\winsxs
2011-02-14 14:19:37 ----D---- C:\ProgramData\HPQLOG
2011-02-14 14:19:32 ----A---- C:\windows\SYSWOW64\log.txt
2011-02-14 14:18:43 ----D---- C:\windows\SysWOW64
2011-02-14 14:18:43 ----D---- C:\Program Files\Internet Explorer
2011-02-14 14:18:43 ----D---- C:\Program Files (x86)\Internet Explorer
2011-02-14 14:09:32 ----D---- C:\windows\Prefetch
2011-02-14 14:09:25 ----D---- C:\windows\debug
2011-02-14 14:09:25 ----A---- C:\windows\system32\MRT.exe
2011-02-14 14:09:02 ----SHD---- C:\System Volume Information
2011-02-14 13:37:10 ----D---- C:\windows\system32\catroot2
2011-02-14 13:37:10 ----D---- C:\windows\system32\catroot
2011-02-14 12:22:06 ----D---- C:\Users\vlado\AppData\Roaming\skypePM
2011-02-14 11:50:40 ----D---- C:\windows\system32\drivers
2011-02-10 23:38:14 ----SHD---- C:\windows\Installer
2011-02-10 23:38:14 ----D---- C:\Program Files (x86)
2011-02-10 22:39:51 ----D---- C:\Windows
2011-02-10 22:06:47 ----D---- C:\windows\system32\drivers\etc
2011-02-10 22:06:28 ----D---- C:\windows\Globalization
2011-02-10 21:22:00 ----D---- C:\windows\system32\DriverStore
2011-02-10 13:10:50 ----D---- C:\Users\vlado\AppData\Roaming\Rynga
2011-02-09 15:20:01 ----A---- C:\windows\system.ini
2011-02-09 15:17:40 ----D---- C:\windows\SYSWOW64\drivers
2011-02-09 15:17:40 ----D---- C:\windows\AppPatch
2011-02-09 15:17:40 ----D---- C:\Program Files\Common Files
2011-02-09 15:17:40 ----D---- C:\Program Files (x86)\Common Files
2011-02-09 14:38:18 ----A---- C:\windows\win.ini
2011-02-09 14:32:13 ----D---- C:\windows\system32\Tasks
2011-02-09 13:41:40 ----D---- C:\Program Files
2011-02-08 22:21:55 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-02-08 19:34:00 ----D---- C:\ProgramData
2011-02-08 15:25:57 ----D---- C:\Program Files (x86)\Hewlett-Packard
2011-02-08 15:18:25 ----D---- C:\Program Files (x86)\Arcsoft
2011-02-08 15:11:57 ----D---- C:\windows\Tasks
2011-02-08 15:09:19 ----D---- C:\Users\vlado\AppData\Roaming\Media Player Classic
2011-02-06 23:42:15 ----D---- C:\Users\vlado\AppData\Roaming\Nokia
2011-02-06 23:31:29 ----D---- C:\windows\tracing
2011-02-06 20:28:37 ----D---- C:\Users\vlado\AppData\Roaming\LangSoft
2011-02-06 20:28:36 ----D---- C:\ProgramData\LangSoft
2011-02-06 20:28:36 ----A---- C:\windows\TRNCOM.INI
2011-02-06 20:26:25 ----D---- C:\windows\ShellNew
2011-02-06 20:20:07 ----RSD---- C:\windows\assembly
2011-02-06 20:17:20 ----D---- C:\Program Files (x86)\MSBuild
2011-02-06 20:16:40 ----D---- C:\Program Files (x86)\Microsoft Office
2011-02-06 20:16:36 ----RSD---- C:\windows\Fonts
2011-02-06 20:16:24 ----SD---- C:\Users\vlado\AppData\Roaming\Microsoft
2011-02-06 20:16:24 ----SD---- C:\ProgramData\Microsoft
2011-02-06 20:13:01 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-02-06 18:58:51 ----D---- C:\Users\vlado\AppData\Roaming\BitTorrent
2011-02-04 21:36:59 ----D---- C:\Program Files\Hewlett-Packard
2011-02-04 21:32:40 ----D---- C:\Program Files (x86)\Microsoft.NET
2011-02-02 15:16:27 ----D---- C:\Users\vlado\AppData\Roaming\PC Suite
2011-01-31 21:55:34 ----D---- C:\Users\vlado\AppData\Roaming\BSplayer PRO
2011-01-31 12:51:31 ----D---- C:\Program Files\Microsoft Office
2011-01-31 12:51:10 ----D---- C:\Users\vlado\AppData\Roaming\SoftGrid Client
2011-01-30 17:43:39 ----D---- C:\Users\vlado\AppData\Roaming\IObit
2011-01-24 19:51:17 ----D---- C:\windows\system32\NDF
2011-01-21 19:37:09 ----D---- C:\windows\system32\drivers\UMDF
2011-01-20 21:54:27 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-01-20 12:04:52 ----A---- C:\windows\SYSWOW64\PerfStringBackup.INI
2011-01-19 19:43:48 ----D---- C:\Program Files\DIFX
2011-01-19 19:42:56 ----D---- C:\swsetup
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2010-07-16 30008]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2010-11-05 438808]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 SafeBoot;SafeBoot; C:\windows\system32\drivers\SafeBoot.sys [2009-12-16 56648]
R0 SbAlg;SbAlg; C:\windows\system32\drivers\SbAlg.sys [2009-06-04 60160]
R0 SbFsLock;SbFsLock; C:\windows\system32\drivers\SbFsLock.sys [2009-12-16 15688]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2011-01-25 834544]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-19 254528]
R1 ehdrv;ehdrv; C:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
R1 RsvLock;RsvLock; C:\windows\system32\drivers\RsvLock.sys [2009-12-16 58184]
R1 vmm;Virtual Machine Monitor; \??\C:\windows\system32\Drivers\vmm.sys [2011-01-29 294232]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 cpuz134;cpuz134; \??\C:\windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
R2 eamonm;eamonm; C:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 168544]
R2 epfw;epfw; C:\windows\system32\DRIVERS\epfw.sys [2010-07-29 171152]
R2 epfwwfp;epfwwfp; C:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 50624]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\windows\system32\DRIVERS\Accelerometer.sys [2010-07-16 43320]
R3 Afc;PPdus ASPI Shell; C:\windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver; C:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2009-12-04 32640]
R3 Epfwndis;Eset Personal Firewall; C:\windows\system32\DRIVERS\Epfwndis.sys [2010-07-29 33632]
R3 HECIx64;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2010-02-16 25912]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2010-11-10 7778176]
R3 Impcd;Impcd; C:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\windows\system32\DRIVERS\netr28x.sys [2010-06-29 931168]
R3 nmwcd;Nokia USB Phone Parent Driver; C:\windows\system32\drivers\ccdcmbx64.sys [2010-07-30 19456]
R3 nmwcdc;Nokia USB Communication Driver; C:\windows\system32\drivers\ccdcmbox64.sys [2010-07-30 26624]
R3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-11 408680]
R3 rtsuvc;HP Webcam [2 MP Fixed]; C:\windows\system32\DRIVERS\rtsuvc.sys [2010-02-05 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-06-04 1379376]
R3 upperdev;upperdev; C:\windows\system32\DRIVERS\usbser_lowerfltx64.sys [2010-07-30 9216]
R3 usbser;USB Modem Driver; C:\windows\system32\drivers\usbser.sys [2009-07-14 32768]
R3 UsbserFilt;UsbserFilt; C:\windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2010-07-30 9216]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\windows\system32\DRIVERS\VMNetSrv.sys [2007-01-29 79760]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BthEnum;Bluetooth Enumerator Service; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2010-06-24 552448]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2010-06-24 80384]
S3 btmaudio;Motorola Bluetooth Audio Service; C:\windows\system32\drivers\btmaud.sys []
S3 BTMCOM;Bluetooth Serial Port; C:\windows\System32\Drivers\btmcom.sys []
S3 BTMMODEM;Bluetooth Modem Device; C:\windows\system32\DRIVERS\btmcom.sys []
S3 BTMNET;Motorola Bluetooth Network Adapter Service; C:\windows\system32\DRIVERS\btmnet.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 DAMDrv;DAMDrv; C:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\windows\system32\DRIVERS\ewusbmdm.sys []
S3 nmwcdnsucx64;Nokia USB Flashing Generic; C:\windows\system32\drivers\nmwcdnsucx64.sys [2010-07-26 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\windows\system32\drivers\nmwcdnsux64.sys [2010-07-26 171008]
S3 NPF;NetGroup Packet Filter Driver; C:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S3 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 pwdrvio;pwdrvio; \??\C:\windows\syswow64\pwdrvio.sys []
S3 pwdspio;pwdspio; \??\C:\windows\syswow64\pwdspio.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2010-10-29 250984]
S3 sdbus;sdbus; C:\windows\system32\DRIVERS\sdbus.sys [2009-07-14 109056]
S3 STHDA;IDT High Definition Audio CODEC; C:\windows\system32\DRIVERS\stwrt64.sys [2010-03-17 505856]
S3 SWDUMon;SWDUMon; C:\windows\system32\DRIVERS\SWDUMon.sys [2011-01-31 13920]
S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2009-11-25 462088]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-08-12 810144]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2010-06-30 121344]
R2 HP Power Assistant Service;HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-06-19 103992]
R2 HP ProtectTools Service;HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-11-18 36864]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-06-25 92216]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-12-16 281192]
R2 hpHotkeyMonitor;HP Hotkey Monitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2009-07-08 30520]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-06-17 73728]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-11-04 268824]
R2 uArcCapture;ArcCapture; C:\windows\system\uArcCapture.exe [2009-12-04 506472]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
R3 DEBridge;DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2009-12-16 704512]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2010-06-25 665656]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2010-12-08 628736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 vcsFPService;Validity VCS Fingerprint Service; C:\windows\system32\vcsFPService.exe [2009-12-14 2019120]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-08-12 42360]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\SysWOW64\flcdlock.exe [2009-11-17 362040]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2010-06-25 117264]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-11-15 1255736]
-----------------EOF-----------------
inak všetko OK Logfile of random's system information tool 1.08 (written by random/random)
Run by vlado at 2011-02-14 15:22:30
Microsoft Windows 7 Home Premium
System drive C: has 46 GB (56%) free of 82 GB
Total RAM: 2927 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:22:52 PM, on 2/14/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\vlado.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit pøekladaè - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Pøeložit &oznaèený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Pøeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E76A8FC-627C-45D6-B073-3EE3307BB182}: NameServer = 160.218.161.60 194.228.211.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E76A8FC-627C-45D6-B073-3EE3307BB182}: NameServer = 160.218.161.60 194.228.211.33
O17 - HKLM\System\CS2\Services\Tcpip\..\{1E76A8FC-627C-45D6-B073-3EE3307BB182}: NameServer = 160.218.161.60 194.228.211.33
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: DEBridge - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\system\uArcCapture.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10643 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
"c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe"
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
winlogon.exe
C:\windows\system32\Hpservice.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\windows\system\uArcCapture.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\wbem\wmiprvse.exe
"c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe"
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe"
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\windows\system32\SearchIndexer.exe /Embedding
"taskhost.exe"
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" /hidden
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
C:\windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"
{C0CD60D1-8605-458E-888C-98A9DEE09829}
{AF3F73F7-3D0C-4929-9648-85460260ABF6}
{34432409-0741-405C-B05F-C403C1EA99F2}
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-afa33d62-610e-4d21-ad20-b77813ce209a -SystemEventPortName:HostProcess-ff3350e1-ddda-4ad8-8515-b5d6c2621623 -IoCancelEventPortName:HostProcess-bacd1e24-0a1a-4524-a08f-04292122a2d6 -NonStateChangingEventPortName:HostProcess-32ff5c1f-98b4-497b-9f96-2104ab141e0e -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:65f725cb-01af-43c3-a9e5-6d927a502343
C:\windows\system32\svchost.exe -k imgsvc
"C:\windows\system32\wuauclt.exe"
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" /hidden
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe" "<hpNotification><Toast><Title>HP Wireless Assistant</Title><Text>Combo: Off</Text><IconPath>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WA_tray_32_off.ico</IconPath><ID>267107895</ID><Path>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe</Path><Parameters></Parameters></Toast></hpNotification>"
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
"C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe" /SILENT
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=1080.85725c0.1145209709 "C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll" 1080 plugin \\.\pipe\gecko-crash-server-pipe.1080
"C:\Users\vlado\Downloads\RSITx64.exe"
C:\windows\System32\svchost.exe -k WerSvcGroup
======Scheduled tasks folder======
C:\windows\tasks\HPCeeScheduleForvlado.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
HP ProtectTools Security Manager Extension - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2009-12-03 2187528]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-10 62376]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2010-11-08 520192]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
HP ProtectTools Security Manager Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2009-12-03 1471752]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-12-04 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2010-11-08 520192]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"=C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2010-06-19 1691192]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-04 2174760]
"HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-04-05 8192]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-08-12 2916584]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2010-11-10 166424]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2010-11-10 390680]
"Persistence"=C:\windows\system32\igfxpers.exe [2010-11-10 410136]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"=C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-05-14 1479680]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-10 932288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DTRun]
c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2009-09-29 1685048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-11-05 283160]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2010-12-20 443728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe -resume []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia FastStart]
C:\Program Files (x86)\Nokia\Nokia Music\NokiaMusic.exe /command:faststart []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
C:\Program Files (x86)\PDF Complete\pdfsty.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QLBController]
C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [2010-03-01 256056]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-11-05 283160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2010-11-10 268800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\windows\system32\webcheck.dll [2009-07-14 290304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=1
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.txt - open -
======List of files/folders created in the last 1 months======
2011-02-14 14:07:44 ----A---- C:\windows\system32\mshtml.dll
2011-02-14 14:07:43 ----A---- C:\windows\SYSWOW64\mshtml.dll
2011-02-14 14:07:38 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2011-02-14 14:07:37 ----A---- C:\windows\SYSWOW64\mstime.dll
2011-02-14 14:07:37 ----A---- C:\windows\SYSWOW64\iedkcs32.dll
2011-02-14 14:07:37 ----A---- C:\windows\system32\mstime.dll
2011-02-14 14:07:37 ----A---- C:\windows\system32\msfeeds.dll
2011-02-14 14:07:37 ----A---- C:\windows\system32\iedkcs32.dll
2011-02-14 14:07:36 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2011-02-14 14:07:36 ----A---- C:\windows\SYSWOW64\msfeedssync.exe
2011-02-14 14:07:36 ----A---- C:\windows\SYSWOW64\msfeedsbs.dll
2011-02-14 14:07:36 ----A---- C:\windows\SYSWOW64\licmgr10.dll
2011-02-14 14:07:36 ----A---- C:\windows\SYSWOW64\iertutil.dll
2011-02-14 14:07:36 ----A---- C:\windows\SYSWOW64\iepeers.dll
2011-02-14 14:07:36 ----A---- C:\windows\system32\mshtmled.dll
2011-02-14 14:07:36 ----A---- C:\windows\system32\msfeedssync.exe
2011-02-14 14:07:36 ----A---- C:\windows\system32\msfeedsbs.dll
2011-02-14 14:07:36 ----A---- C:\windows\system32\licmgr10.dll
2011-02-14 14:07:36 ----A---- C:\windows\system32\iertutil.dll
2011-02-14 14:07:36 ----A---- C:\windows\system32\iepeers.dll
2011-02-14 13:41:32 ----A---- C:\windows\system32\ntoskrnl.exe
2011-02-14 13:41:31 ----A---- C:\windows\SYSWOW64\ntdll.dll
2011-02-14 13:41:31 ----A---- C:\windows\system32\ntdll.dll
2011-02-14 13:41:30 ----A---- C:\windows\SYSWOW64\ntoskrnl.exe
2011-02-14 13:41:30 ----A---- C:\windows\SYSWOW64\ntkrnlpa.exe
2011-02-14 13:40:17 ----A---- C:\windows\SYSWOW64\upnp.dll
2011-02-14 13:40:17 ----A---- C:\windows\system32\urlmon.dll
2011-02-14 13:40:17 ----A---- C:\windows\system32\upnp.dll
2011-02-14 13:40:17 ----A---- C:\windows\system32\msxml6.dll
2011-02-14 13:40:17 ----A---- C:\windows\system32\msxml3.dll
2011-02-14 13:40:16 ----A---- C:\windows\SYSWOW64\urlmon.dll
2011-02-14 13:40:16 ----A---- C:\windows\system32\wininet.dll
2011-02-14 13:40:15 ----A---- C:\windows\SYSWOW64\wininet.dll
2011-02-14 13:40:15 ----A---- C:\windows\SYSWOW64\msxml6.dll
2011-02-14 13:40:15 ----A---- C:\windows\SYSWOW64\msxml3.dll
2011-02-14 13:40:15 ----A---- C:\windows\system32\winhttp.dll
2011-02-14 13:40:15 ----A---- C:\windows\system32\WebClnt.dll
2011-02-14 13:40:15 ----A---- C:\windows\system32\davclnt.dll
2011-02-14 13:40:14 ----A---- C:\windows\SYSWOW64\WebClnt.dll
2011-02-14 13:40:14 ----A---- C:\windows\SYSWOW64\ieframe.dll
2011-02-14 13:40:14 ----A---- C:\windows\system32\wscapi.dll
2011-02-14 13:40:13 ----A---- C:\windows\SYSWOW64\wscapi.dll
2011-02-14 13:40:13 ----A---- C:\windows\SYSWOW64\winhttp.dll
2011-02-14 13:40:13 ----A---- C:\windows\SYSWOW64\slwga.dll
2011-02-14 13:40:13 ----A---- C:\windows\SYSWOW64\davclnt.dll
2011-02-14 13:40:13 ----A---- C:\windows\system32\wscsvc.dll
2011-02-14 13:40:13 ----A---- C:\windows\system32\slwga.dll
2011-02-14 13:40:13 ----A---- C:\windows\system32\ieframe.dll
2011-02-10 23:38:14 ----D---- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2011-02-10 23:28:09 ----A---- C:\windows\system32\drivers\dxgmms1.sys
2011-02-10 23:28:09 ----A---- C:\windows\system32\drivers\dxgkrnl.sys
2011-02-10 23:28:09 ----A---- C:\windows\system32\cdd.dll
2011-02-10 23:28:03 ----A---- C:\windows\SYSWOW64\vbscript.dll
2011-02-10 23:28:03 ----A---- C:\windows\SYSWOW64\jscript.dll
2011-02-10 23:28:03 ----A---- C:\windows\system32\vbscript.dll
2011-02-10 23:28:03 ----A---- C:\windows\system32\jscript.dll
2011-02-10 23:25:39 ----A---- C:\windows\system32\winsrv.dll
2011-02-10 23:24:04 ----A---- C:\windows\system32\kerberos.dll
2011-02-10 23:24:03 ----A---- C:\windows\SYSWOW64\kerberos.dll
2011-02-10 23:23:08 ----A---- C:\windows\SYSWOW64\atmlib.dll
2011-02-10 23:23:08 ----A---- C:\windows\SYSWOW64\atmfd.dll
2011-02-10 23:23:08 ----A---- C:\windows\system32\atmlib.dll
2011-02-10 23:23:08 ----A---- C:\windows\system32\atmfd.dll
2011-02-10 23:22:39 ----A---- C:\windows\system32\win32k.sys
2011-02-10 22:06:22 ----D---- C:\_OTL
2011-02-09 15:24:43 ----A---- C:\windows\SWXCACLS.exe
2011-02-09 15:22:17 ----D---- C:\windows\temp
2011-02-09 15:19:57 ----SHD---- C:\$RECYCLE.BIN
2011-02-09 14:50:43 ----A---- C:\windows\zip.exe
2011-02-09 14:50:43 ----A---- C:\windows\SWSC.exe
2011-02-09 14:50:43 ----A---- C:\windows\SWREG.exe
2011-02-09 14:50:43 ----A---- C:\windows\sed.exe
2011-02-09 14:50:43 ----A---- C:\windows\PEV.exe
2011-02-09 14:50:43 ----A---- C:\windows\NIRCMD.exe
2011-02-09 14:50:43 ----A---- C:\windows\MBR.exe
2011-02-09 14:50:43 ----A---- C:\windows\grep.exe
2011-02-09 14:40:25 ----D---- C:\windows\ERDNT
2011-02-09 14:40:04 ----D---- C:\Qoobox
2011-02-09 13:41:41 ----A---- C:\windows\system32\drivers\cpuz134_x64.sys
2011-02-09 13:41:40 ----D---- C:\Program Files\CPUID
2011-02-08 22:23:03 ----D---- C:\Users\vlado\AppData\Roaming\Wireshark
2011-02-08 22:22:16 ----D---- C:\Program Files (x86)\WinPcap
2011-02-08 22:21:46 ----D---- C:\Program Files\Wireshark
2011-02-08 20:03:12 ----A---- C:\windows\SYSWOW64\drivers\mbamswissarmy.sys
2011-02-08 19:34:09 ----D---- C:\Program Files (x86)\Zone Labs
2011-02-08 19:34:00 ----D---- C:\ProgramData\CheckPoint
2011-02-08 19:33:59 ----D---- C:\windows\Internet Logs
2011-02-07 22:09:59 ----D---- C:\Program Files\trend micro
2011-02-07 22:09:58 ----D---- C:\rsit
2011-02-07 21:28:58 ----D---- C:\Users\vlado\AppData\Roaming\Malwarebytes
2011-02-07 21:28:50 ----D---- C:\ProgramData\Malwarebytes
2011-02-07 21:28:46 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-07 21:28:46 ----A---- C:\windows\system32\drivers\mbam.sys
2011-02-07 21:13:00 ----D---- C:\Program Files (x86)\CCleaner
2011-02-06 20:17:03 ----D---- C:\Program Files (x86)\Microsoft Visual Studio
2011-02-04 21:39:00 ----A---- C:\windows\vbaddin.ini
2011-02-04 21:38:19 ----A---- C:\windows\ODBC.INI
2011-02-04 21:33:12 ----D---- C:\Program Files (x86)\Microsoft Works
2011-02-04 21:32:40 ----D---- C:\windows\PCHEALTH
2011-02-04 21:30:40 ----D---- C:\Program Files\GIMP-2.0
2011-01-31 15:35:09 ----D---- C:\Program Files (x86)\Maxis Broadband
2011-01-31 14:05:09 ----D---- C:\Program Files (x86)\Mobile Partner
2011-01-31 12:47:08 ----A---- C:\windows\system32\drivers\SWDUMon.sys
2011-01-31 12:47:03 ----D---- C:\Program Files (x86)\SlimDrivers
2011-01-29 12:12:07 ----A---- C:\windows\system32\drivers\VMM.sys
2011-01-25 17:37:52 ----D---- C:\Program Files (x86)\Microsoft Virtual PC
2011-01-25 16:02:51 ----A---- C:\windows\system32\drivers\sptd.sys
2011-01-20 22:10:59 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-01-20 22:10:28 ----D---- C:\ProgramData\Microsoft Help
2011-01-20 22:10:00 ----RD---- C:\MSOCache
2011-01-19 22:19:37 ----A---- C:\windows\system32\drivers\dtsoftbus01.sys
2011-01-19 22:19:31 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2011-01-19 22:18:55 ----D---- C:\Users\vlado\AppData\Roaming\DAEMON Tools Lite
2011-01-19 22:18:55 ----D---- C:\ProgramData\DAEMON Tools Lite
2011-01-18 17:02:47 ----D---- C:\Program Files (x86)\OnCourt
2011-01-15 20:41:00 ----D---- C:\Program Files (x86)\Veetle
======List of files/folders modified in the last 1 months======
2011-02-14 15:04:20 ----D---- C:\Users\vlado\AppData\Roaming\Skype
2011-02-14 14:45:18 ----D---- C:\windows\system32\config
2011-02-14 14:23:46 ----D---- C:\windows\System32
2011-02-14 14:23:46 ----D---- C:\windows\inf
2011-02-14 14:23:46 ----A---- C:\windows\system32\PerfStringBackup.INI
2011-02-14 14:19:37 ----D---- C:\windows\winsxs
2011-02-14 14:19:37 ----D---- C:\ProgramData\HPQLOG
2011-02-14 14:19:32 ----A---- C:\windows\SYSWOW64\log.txt
2011-02-14 14:18:43 ----D---- C:\windows\SysWOW64
2011-02-14 14:18:43 ----D---- C:\Program Files\Internet Explorer
2011-02-14 14:18:43 ----D---- C:\Program Files (x86)\Internet Explorer
2011-02-14 14:09:32 ----D---- C:\windows\Prefetch
2011-02-14 14:09:25 ----D---- C:\windows\debug
2011-02-14 14:09:25 ----A---- C:\windows\system32\MRT.exe
2011-02-14 14:09:02 ----SHD---- C:\System Volume Information
2011-02-14 13:37:10 ----D---- C:\windows\system32\catroot2
2011-02-14 13:37:10 ----D---- C:\windows\system32\catroot
2011-02-14 12:22:06 ----D---- C:\Users\vlado\AppData\Roaming\skypePM
2011-02-14 11:50:40 ----D---- C:\windows\system32\drivers
2011-02-10 23:38:14 ----SHD---- C:\windows\Installer
2011-02-10 23:38:14 ----D---- C:\Program Files (x86)
2011-02-10 22:39:51 ----D---- C:\Windows
2011-02-10 22:06:47 ----D---- C:\windows\system32\drivers\etc
2011-02-10 22:06:28 ----D---- C:\windows\Globalization
2011-02-10 21:22:00 ----D---- C:\windows\system32\DriverStore
2011-02-10 13:10:50 ----D---- C:\Users\vlado\AppData\Roaming\Rynga
2011-02-09 15:20:01 ----A---- C:\windows\system.ini
2011-02-09 15:17:40 ----D---- C:\windows\SYSWOW64\drivers
2011-02-09 15:17:40 ----D---- C:\windows\AppPatch
2011-02-09 15:17:40 ----D---- C:\Program Files\Common Files
2011-02-09 15:17:40 ----D---- C:\Program Files (x86)\Common Files
2011-02-09 14:38:18 ----A---- C:\windows\win.ini
2011-02-09 14:32:13 ----D---- C:\windows\system32\Tasks
2011-02-09 13:41:40 ----D---- C:\Program Files
2011-02-08 22:21:55 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-02-08 19:34:00 ----D---- C:\ProgramData
2011-02-08 15:25:57 ----D---- C:\Program Files (x86)\Hewlett-Packard
2011-02-08 15:18:25 ----D---- C:\Program Files (x86)\Arcsoft
2011-02-08 15:11:57 ----D---- C:\windows\Tasks
2011-02-08 15:09:19 ----D---- C:\Users\vlado\AppData\Roaming\Media Player Classic
2011-02-06 23:42:15 ----D---- C:\Users\vlado\AppData\Roaming\Nokia
2011-02-06 23:31:29 ----D---- C:\windows\tracing
2011-02-06 20:28:37 ----D---- C:\Users\vlado\AppData\Roaming\LangSoft
2011-02-06 20:28:36 ----D---- C:\ProgramData\LangSoft
2011-02-06 20:28:36 ----A---- C:\windows\TRNCOM.INI
2011-02-06 20:26:25 ----D---- C:\windows\ShellNew
2011-02-06 20:20:07 ----RSD---- C:\windows\assembly
2011-02-06 20:17:20 ----D---- C:\Program Files (x86)\MSBuild
2011-02-06 20:16:40 ----D---- C:\Program Files (x86)\Microsoft Office
2011-02-06 20:16:36 ----RSD---- C:\windows\Fonts
2011-02-06 20:16:24 ----SD---- C:\Users\vlado\AppData\Roaming\Microsoft
2011-02-06 20:16:24 ----SD---- C:\ProgramData\Microsoft
2011-02-06 20:13:01 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-02-06 18:58:51 ----D---- C:\Users\vlado\AppData\Roaming\BitTorrent
2011-02-04 21:36:59 ----D---- C:\Program Files\Hewlett-Packard
2011-02-04 21:32:40 ----D---- C:\Program Files (x86)\Microsoft.NET
2011-02-02 15:16:27 ----D---- C:\Users\vlado\AppData\Roaming\PC Suite
2011-01-31 21:55:34 ----D---- C:\Users\vlado\AppData\Roaming\BSplayer PRO
2011-01-31 12:51:31 ----D---- C:\Program Files\Microsoft Office
2011-01-31 12:51:10 ----D---- C:\Users\vlado\AppData\Roaming\SoftGrid Client
2011-01-30 17:43:39 ----D---- C:\Users\vlado\AppData\Roaming\IObit
2011-01-24 19:51:17 ----D---- C:\windows\system32\NDF
2011-01-21 19:37:09 ----D---- C:\windows\system32\drivers\UMDF
2011-01-20 21:54:27 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-01-20 12:04:52 ----A---- C:\windows\SYSWOW64\PerfStringBackup.INI
2011-01-19 19:43:48 ----D---- C:\Program Files\DIFX
2011-01-19 19:42:56 ----D---- C:\swsetup
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2010-07-16 30008]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2010-11-05 438808]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 SafeBoot;SafeBoot; C:\windows\system32\drivers\SafeBoot.sys [2009-12-16 56648]
R0 SbAlg;SbAlg; C:\windows\system32\drivers\SbAlg.sys [2009-06-04 60160]
R0 SbFsLock;SbFsLock; C:\windows\system32\drivers\SbFsLock.sys [2009-12-16 15688]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2011-01-25 834544]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-19 254528]
R1 ehdrv;ehdrv; C:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
R1 RsvLock;RsvLock; C:\windows\system32\drivers\RsvLock.sys [2009-12-16 58184]
R1 vmm;Virtual Machine Monitor; \??\C:\windows\system32\Drivers\vmm.sys [2011-01-29 294232]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 cpuz134;cpuz134; \??\C:\windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
R2 eamonm;eamonm; C:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 168544]
R2 epfw;epfw; C:\windows\system32\DRIVERS\epfw.sys [2010-07-29 171152]
R2 epfwwfp;epfwwfp; C:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 50624]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\windows\system32\DRIVERS\Accelerometer.sys [2010-07-16 43320]
R3 Afc;PPdus ASPI Shell; C:\windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver; C:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2009-12-04 32640]
R3 Epfwndis;Eset Personal Firewall; C:\windows\system32\DRIVERS\Epfwndis.sys [2010-07-29 33632]
R3 HECIx64;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2010-02-16 25912]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2010-11-10 7778176]
R3 Impcd;Impcd; C:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\windows\system32\DRIVERS\netr28x.sys [2010-06-29 931168]
R3 nmwcd;Nokia USB Phone Parent Driver; C:\windows\system32\drivers\ccdcmbx64.sys [2010-07-30 19456]
R3 nmwcdc;Nokia USB Communication Driver; C:\windows\system32\drivers\ccdcmbox64.sys [2010-07-30 26624]
R3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-11 408680]
R3 rtsuvc;HP Webcam [2 MP Fixed]; C:\windows\system32\DRIVERS\rtsuvc.sys [2010-02-05 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-06-04 1379376]
R3 upperdev;upperdev; C:\windows\system32\DRIVERS\usbser_lowerfltx64.sys [2010-07-30 9216]
R3 usbser;USB Modem Driver; C:\windows\system32\drivers\usbser.sys [2009-07-14 32768]
R3 UsbserFilt;UsbserFilt; C:\windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2010-07-30 9216]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\windows\system32\DRIVERS\VMNetSrv.sys [2007-01-29 79760]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BthEnum;Bluetooth Enumerator Service; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2010-06-24 552448]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2010-06-24 80384]
S3 btmaudio;Motorola Bluetooth Audio Service; C:\windows\system32\drivers\btmaud.sys []
S3 BTMCOM;Bluetooth Serial Port; C:\windows\System32\Drivers\btmcom.sys []
S3 BTMMODEM;Bluetooth Modem Device; C:\windows\system32\DRIVERS\btmcom.sys []
S3 BTMNET;Motorola Bluetooth Network Adapter Service; C:\windows\system32\DRIVERS\btmnet.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 DAMDrv;DAMDrv; C:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\windows\system32\DRIVERS\ewusbmdm.sys []
S3 nmwcdnsucx64;Nokia USB Flashing Generic; C:\windows\system32\drivers\nmwcdnsucx64.sys [2010-07-26 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\windows\system32\drivers\nmwcdnsux64.sys [2010-07-26 171008]
S3 NPF;NetGroup Packet Filter Driver; C:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S3 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 pwdrvio;pwdrvio; \??\C:\windows\syswow64\pwdrvio.sys []
S3 pwdspio;pwdspio; \??\C:\windows\syswow64\pwdspio.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2010-10-29 250984]
S3 sdbus;sdbus; C:\windows\system32\DRIVERS\sdbus.sys [2009-07-14 109056]
S3 STHDA;IDT High Definition Audio CODEC; C:\windows\system32\DRIVERS\stwrt64.sys [2010-03-17 505856]
S3 SWDUMon;SWDUMon; C:\windows\system32\DRIVERS\SWDUMon.sys [2011-01-31 13920]
S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2009-11-25 462088]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-08-12 810144]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2010-06-30 121344]
R2 HP Power Assistant Service;HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-06-19 103992]
R2 HP ProtectTools Service;HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-11-18 36864]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-06-25 92216]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-12-16 281192]
R2 hpHotkeyMonitor;HP Hotkey Monitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2009-07-08 30520]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-06-17 73728]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-11-04 268824]
R2 uArcCapture;ArcCapture; C:\windows\system\uArcCapture.exe [2009-12-04 506472]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
R3 DEBridge;DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2009-12-16 704512]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2010-06-25 665656]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2010-12-08 628736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 vcsFPService;Validity VCS Fingerprint Service; C:\windows\system32\vcsFPService.exe [2009-12-14 2019120]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-08-12 42360]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\SysWOW64\flcdlock.exe [2009-11-17 362040]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2010-06-25 117264]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-11-15 1255736]
-----------------EOF-----------------
Re: preventivna:)
a to je dobře nebo špatněUž sa mi nespúšťa HP security
Otevřete si Poznámkový blok a zkopírujte do něj text Kód: Vybrat vše
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia FastStart]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
klikněte na uložit, pak na soubor standardně 2X klikněte a potvrďte dialogové okno.
spusťte přejmenované HJT C:\Program Files\trend micro\vlado.exe , má tuto ikonku 
- Klikněte na "Do a system scan only"
- U řádku
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
- Dejte fajfku do čtverečku a zmáčkněte Fix checked
- restartujte pc
Odinstalujte combofix přes Start - Spustit- zkopírujte do okénka:
ComboFix /Uninstall
-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.
***********
Stáhněte T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir
***********
Z mého podpisu stahněte Ccleaner- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru
záložka čistič- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner
záložka Registry- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy
ok zavřít Záložka Nástroje- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.
Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.
***********
Stahněte OTC a použijtehttp://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech
***********
Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: preventivna:)
Dobrý deň to že sa mi nespúšťa HP security považujem za úspech nevedel som ako to mám zakázať no hádam sa to podarilo Čo sa nepodarilo je odinštalovanie ComboFixu po stlacení tlačítka win+R a vložení ComboFix /Uninstall mi ohlásilo že Windows nemôže nájsť ComboFix zaujímavé:)
HJT mi neopravilo
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
postupoval som podľa návodu
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
Ohlásilo chybu ktorá mala niečo spoločné zo zálohou
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
prebehlo bez chybnej hlášky no aj tak to tam "ostalo"
Čo sa nepodarilo je odinštalovanie ComboFixu po stlacení tlačítka win+R a vložení ComboFix /Uninstall mi ohlásilo že Windows nemôže nájsť ComboFix zaujímavé:)HJT mi neopravilo
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
postupoval som podľa návodu
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
Ohlásilo chybu ktorá mala niečo spoločné zo zálohou
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
prebehlo bez chybnej hlášky no aj tak to tam "ostalo"
Re: preventivna:)
Logfile of random's system information tool 1.08 (written by random/random)
Run by vlado at 2011-02-15 13:07:16
Microsoft Windows 7 Home Premium
System drive C: has 47 GB (57%) free of 82 GB
Total RAM: 2927 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:07:39 PM, on 2/15/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Rynga.com\Rynga\Rynga.exe
C:\Program Files (x86)\Rynga.com\Rynga\Rynga.exe
C:\Program Files\trend micro\vlado.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit pøekladaè - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Pøeložit &oznaèený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Pøeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E76A8FC-627C-45D6-B073-3EE3307BB182}: NameServer = 160.218.161.60 194.228.211.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E76A8FC-627C-45D6-B073-3EE3307BB182}: NameServer = 160.218.161.60 194.228.211.33
O17 - HKLM\System\CS2\Services\Tcpip\..\{1E76A8FC-627C-45D6-B073-3EE3307BB182}: NameServer = 160.218.161.60 194.228.211.33
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: DEBridge - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: HP Health Check Service - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (file missing)
O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\system\uArcCapture.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10687 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
"c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe"
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system\uArcCapture.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\wbem\wmiprvse.exe
"c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe"
"taskhost.exe"
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" /hidden
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
C:\windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"
{728F3DB7-3420-4A70-804C-0FEA787E7713}
{008CF998-A737-4732-867B-76B83EA35EE8}
{070CD509-88B7-4386-8998-FC0D2724516E}
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe" /SILENT
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe"
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
C:\windows\system32\sppsvc.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Rynga.com\Rynga\Rynga.exe"
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" /hidden
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe" "<hpNotification><Toast><Title>HP Wireless Assistant</Title><Text>Combo: Off</Text><IconPath>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WA_tray_32_off.ico</IconPath><ID>372224177</ID><Path>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe</Path><Parameters></Parameters></Toast></hpNotification>"
C:\windows\servicing\TrustedInstaller.exe
"C:\windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\windows\system32\wuauclt.exe"
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
wmiadap.exe /F /T /R
"C:\Users\vlado\Desktop\RSITx64.exe"
C:\windows\System32\svchost.exe -k WerSvcGroup
"C:\Program Files (x86)\Rynga.com\Rynga\Rynga.exe"
======Scheduled tasks folder======
C:\windows\tasks\HPCeeScheduleForvlado.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
HP ProtectTools Security Manager Extension - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2009-12-03 2187528]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-10 62376]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2010-11-08 520192]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
HP ProtectTools Security Manager Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2009-12-03 1471752]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-12-04 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2010-11-08 520192]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"=C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2010-06-19 1691192]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-04 2174760]
"HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-04-05 8192]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-08-12 2916584]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2010-11-10 166424]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2010-11-10 390680]
"Persistence"=C:\windows\system32\igfxpers.exe [2010-11-10 410136]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"=C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-05-14 1479680]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DTRun]
c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-11-05 283160]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2010-12-20 443728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QLBController]
C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [2010-03-01 256056]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-11-05 283160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2010-11-10 268800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\windows\system32\webcheck.dll [2009-07-14 290304]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=1
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.txt - open -
======List of files/folders created in the last 1 months======
2011-02-15 13:07:16 ----D---- C:\rsit
2011-02-14 14:07:44 ----A---- C:\windows\system32\mshtml.dll
2011-02-14 14:07:43 ----A---- C:\windows\SYSWOW64\mshtml.dll
2011-02-14 14:07:38 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2011-02-14 14:07:37 ----A---- C:\windows\SYSWOW64\mstime.dll
2011-02-14 14:07:37 ----A---- C:\windows\SYSWOW64\iedkcs32.dll
2011-02-14 14:07:37 ----A---- C:\windows\system32\mstime.dll
2011-02-14 14:07:37 ----A---- C:\windows\system32\msfeeds.dll
2011-02-14 14:07:37 ----A---- C:\windows\system32\iedkcs32.dll
2011-02-14 14:07:36 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2011-02-14 14:07:36 ----A---- C:\windows\SYSWOW64\msfeedssync.exe
2011-02-14 14:07:36 ----A---- C:\windows\SYSWOW64\msfeedsbs.dll
2011-02-14 14:07:36 ----A---- C:\windows\SYSWOW64\licmgr10.dll
2011-02-14 14:07:36 ----A---- C:\windows\SYSWOW64\iertutil.dll
2011-02-14 14:07:36 ----A---- C:\windows\SYSWOW64\iepeers.dll
2011-02-14 14:07:36 ----A---- C:\windows\system32\mshtmled.dll
2011-02-14 14:07:36 ----A---- C:\windows\system32\msfeedssync.exe
2011-02-14 14:07:36 ----A---- C:\windows\system32\msfeedsbs.dll
2011-02-14 14:07:36 ----A---- C:\windows\system32\licmgr10.dll
2011-02-14 14:07:36 ----A---- C:\windows\system32\iertutil.dll
2011-02-14 14:07:36 ----A---- C:\windows\system32\iepeers.dll
2011-02-14 13:41:32 ----A---- C:\windows\system32\ntoskrnl.exe
2011-02-14 13:41:31 ----A---- C:\windows\SYSWOW64\ntdll.dll
2011-02-14 13:41:31 ----A---- C:\windows\system32\ntdll.dll
2011-02-14 13:41:30 ----A---- C:\windows\SYSWOW64\ntoskrnl.exe
2011-02-14 13:41:30 ----A---- C:\windows\SYSWOW64\ntkrnlpa.exe
2011-02-14 13:40:17 ----A---- C:\windows\SYSWOW64\upnp.dll
2011-02-14 13:40:17 ----A---- C:\windows\system32\urlmon.dll
2011-02-14 13:40:17 ----A---- C:\windows\system32\upnp.dll
2011-02-14 13:40:17 ----A---- C:\windows\system32\msxml6.dll
2011-02-14 13:40:17 ----A---- C:\windows\system32\msxml3.dll
2011-02-14 13:40:16 ----A---- C:\windows\SYSWOW64\urlmon.dll
2011-02-14 13:40:16 ----A---- C:\windows\system32\wininet.dll
2011-02-14 13:40:15 ----A---- C:\windows\SYSWOW64\wininet.dll
2011-02-14 13:40:15 ----A---- C:\windows\SYSWOW64\msxml6.dll
2011-02-14 13:40:15 ----A---- C:\windows\SYSWOW64\msxml3.dll
2011-02-14 13:40:15 ----A---- C:\windows\system32\winhttp.dll
2011-02-14 13:40:15 ----A---- C:\windows\system32\WebClnt.dll
2011-02-14 13:40:15 ----A---- C:\windows\system32\davclnt.dll
2011-02-14 13:40:14 ----A---- C:\windows\SYSWOW64\WebClnt.dll
2011-02-14 13:40:14 ----A---- C:\windows\SYSWOW64\ieframe.dll
2011-02-14 13:40:14 ----A---- C:\windows\system32\wscapi.dll
2011-02-14 13:40:13 ----A---- C:\windows\SYSWOW64\wscapi.dll
2011-02-14 13:40:13 ----A---- C:\windows\SYSWOW64\winhttp.dll
2011-02-14 13:40:13 ----A---- C:\windows\SYSWOW64\slwga.dll
2011-02-14 13:40:13 ----A---- C:\windows\SYSWOW64\davclnt.dll
2011-02-14 13:40:13 ----A---- C:\windows\system32\wscsvc.dll
2011-02-14 13:40:13 ----A---- C:\windows\system32\slwga.dll
2011-02-14 13:40:13 ----A---- C:\windows\system32\ieframe.dll
2011-02-10 23:38:14 ----D---- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2011-02-10 23:28:09 ----A---- C:\windows\system32\drivers\dxgmms1.sys
2011-02-10 23:28:09 ----A---- C:\windows\system32\drivers\dxgkrnl.sys
2011-02-10 23:28:09 ----A---- C:\windows\system32\cdd.dll
2011-02-10 23:28:03 ----A---- C:\windows\SYSWOW64\vbscript.dll
2011-02-10 23:28:03 ----A---- C:\windows\SYSWOW64\jscript.dll
2011-02-10 23:28:03 ----A---- C:\windows\system32\vbscript.dll
2011-02-10 23:28:03 ----A---- C:\windows\system32\jscript.dll
2011-02-10 23:25:39 ----A---- C:\windows\system32\winsrv.dll
2011-02-10 23:24:04 ----A---- C:\windows\system32\kerberos.dll
2011-02-10 23:24:03 ----A---- C:\windows\SYSWOW64\kerberos.dll
2011-02-10 23:23:08 ----A---- C:\windows\SYSWOW64\atmlib.dll
2011-02-10 23:23:08 ----A---- C:\windows\SYSWOW64\atmfd.dll
2011-02-10 23:23:08 ----A---- C:\windows\system32\atmlib.dll
2011-02-10 23:23:08 ----A---- C:\windows\system32\atmfd.dll
2011-02-10 23:22:39 ----A---- C:\windows\system32\win32k.sys
2011-02-09 15:22:17 ----D---- C:\windows\temp
2011-02-09 15:19:57 ----SHD---- C:\$RECYCLE.BIN
2011-02-09 13:41:41 ----A---- C:\windows\system32\drivers\cpuz134_x64.sys
2011-02-09 13:41:40 ----D---- C:\Program Files\CPUID
2011-02-08 22:23:03 ----D---- C:\Users\vlado\AppData\Roaming\Wireshark
2011-02-08 22:22:16 ----D---- C:\Program Files (x86)\WinPcap
2011-02-08 22:21:46 ----D---- C:\Program Files\Wireshark
2011-02-08 20:03:12 ----A---- C:\windows\SYSWOW64\drivers\mbamswissarmy.sys
2011-02-08 19:34:09 ----D---- C:\Program Files (x86)\Zone Labs
2011-02-08 19:34:00 ----D---- C:\ProgramData\CheckPoint
2011-02-08 19:33:59 ----D---- C:\windows\Internet Logs
2011-02-07 22:09:59 ----D---- C:\Program Files\trend micro
2011-02-07 21:28:58 ----D---- C:\Users\vlado\AppData\Roaming\Malwarebytes
2011-02-07 21:28:50 ----D---- C:\ProgramData\Malwarebytes
2011-02-07 21:28:46 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-07 21:28:46 ----A---- C:\windows\system32\drivers\mbam.sys
2011-02-07 21:13:00 ----D---- C:\Program Files (x86)\CCleaner
2011-02-06 20:17:03 ----D---- C:\Program Files (x86)\Microsoft Visual Studio
2011-02-04 21:39:00 ----A---- C:\windows\vbaddin.ini
2011-02-04 21:38:19 ----A---- C:\windows\ODBC.INI
2011-02-04 21:33:12 ----D---- C:\Program Files (x86)\Microsoft Works
2011-02-04 21:32:40 ----D---- C:\windows\PCHEALTH
2011-02-04 21:30:40 ----D---- C:\Program Files\GIMP-2.0
2011-01-31 15:35:09 ----D---- C:\Program Files (x86)\Maxis Broadband
2011-01-31 14:05:09 ----D---- C:\Program Files (x86)\Mobile Partner
2011-01-31 12:47:08 ----A---- C:\windows\system32\drivers\SWDUMon.sys
2011-01-31 12:47:03 ----D---- C:\Program Files (x86)\SlimDrivers
2011-01-29 12:12:07 ----A---- C:\windows\system32\drivers\VMM.sys
2011-01-25 17:37:52 ----D---- C:\Program Files (x86)\Microsoft Virtual PC
2011-01-25 16:02:51 ----A---- C:\windows\system32\drivers\sptd.sys
2011-01-20 22:10:59 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-01-20 22:10:28 ----D---- C:\ProgramData\Microsoft Help
2011-01-20 22:10:00 ----RD---- C:\MSOCache
2011-01-19 22:19:37 ----A---- C:\windows\system32\drivers\dtsoftbus01.sys
2011-01-19 22:19:31 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2011-01-19 22:18:55 ----D---- C:\Users\vlado\AppData\Roaming\DAEMON Tools Lite
2011-01-19 22:18:55 ----D---- C:\ProgramData\DAEMON Tools Lite
2011-01-18 17:02:47 ----D---- C:\Program Files (x86)\OnCourt
======List of files/folders modified in the last 1 months======
2011-02-15 13:07:40 ----D---- C:\windows\Prefetch
2011-02-15 13:06:20 ----D---- C:\windows\system32\config
2011-02-15 13:05:27 ----D---- C:\Windows
2011-02-15 13:05:14 ----D---- C:\Users\vlado\AppData\Roaming\Skype
2011-02-15 13:03:14 ----D---- C:\ProgramData\HPQLOG
2011-02-15 13:03:10 ----A---- C:\windows\SYSWOW64\log.txt
2011-02-15 12:56:47 ----D---- C:\windows\System32
2011-02-15 12:56:47 ----D---- C:\windows\inf
2011-02-15 12:56:47 ----A---- C:\windows\system32\PerfStringBackup.INI
2011-02-15 12:34:09 ----D---- C:\Users\vlado\AppData\Roaming\skypePM
2011-02-14 18:24:47 ----D---- C:\windows\winsxs
2011-02-14 17:58:07 ----SHD---- C:\windows\Installer
2011-02-14 17:58:02 ----RSD---- C:\windows\assembly
2011-02-14 17:57:50 ----D---- C:\Program Files (x86)\Hewlett-Packard
2011-02-14 17:57:21 ----SHD---- C:\System Volume Information
2011-02-14 17:53:23 ----D---- C:\windows\debug
2011-02-14 14:18:43 ----D---- C:\windows\SysWOW64
2011-02-14 14:18:43 ----D---- C:\Program Files\Internet Explorer
2011-02-14 14:18:43 ----D---- C:\Program Files (x86)\Internet Explorer
2011-02-14 14:09:25 ----A---- C:\windows\system32\MRT.exe
2011-02-14 13:37:10 ----D---- C:\windows\system32\catroot2
2011-02-14 13:37:10 ----D---- C:\windows\system32\catroot
2011-02-14 11:50:40 ----D---- C:\windows\system32\drivers
2011-02-10 23:38:14 ----D---- C:\Program Files (x86)
2011-02-10 22:06:47 ----D---- C:\windows\system32\drivers\etc
2011-02-10 22:06:28 ----D---- C:\windows\Globalization
2011-02-10 21:22:00 ----D---- C:\windows\system32\DriverStore
2011-02-10 13:10:50 ----D---- C:\Users\vlado\AppData\Roaming\Rynga
2011-02-09 15:20:01 ----A---- C:\windows\system.ini
2011-02-09 15:17:40 ----D---- C:\windows\SYSWOW64\drivers
2011-02-09 15:17:40 ----D---- C:\windows\AppPatch
2011-02-09 15:17:40 ----D---- C:\Program Files\Common Files
2011-02-09 15:17:40 ----D---- C:\Program Files (x86)\Common Files
2011-02-09 14:38:18 ----A---- C:\windows\win.ini
2011-02-09 14:32:13 ----D---- C:\windows\system32\Tasks
2011-02-09 13:41:40 ----D---- C:\Program Files
2011-02-08 22:21:55 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-02-08 19:34:00 ----D---- C:\ProgramData
2011-02-08 15:18:25 ----D---- C:\Program Files (x86)\Arcsoft
2011-02-08 15:11:57 ----D---- C:\windows\Tasks
2011-02-08 15:09:19 ----D---- C:\Users\vlado\AppData\Roaming\Media Player Classic
2011-02-06 23:42:15 ----D---- C:\Users\vlado\AppData\Roaming\Nokia
2011-02-06 23:31:29 ----D---- C:\windows\tracing
2011-02-06 20:28:37 ----D---- C:\Users\vlado\AppData\Roaming\LangSoft
2011-02-06 20:28:36 ----D---- C:\ProgramData\LangSoft
2011-02-06 20:28:36 ----A---- C:\windows\TRNCOM.INI
2011-02-06 20:26:25 ----D---- C:\windows\ShellNew
2011-02-06 20:17:20 ----D---- C:\Program Files (x86)\MSBuild
2011-02-06 20:16:40 ----D---- C:\Program Files (x86)\Microsoft Office
2011-02-06 20:16:36 ----RSD---- C:\windows\Fonts
2011-02-06 20:16:24 ----SD---- C:\Users\vlado\AppData\Roaming\Microsoft
2011-02-06 20:16:24 ----SD---- C:\ProgramData\Microsoft
2011-02-06 20:13:01 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-02-06 18:58:51 ----D---- C:\Users\vlado\AppData\Roaming\BitTorrent
2011-02-04 21:36:59 ----D---- C:\Program Files\Hewlett-Packard
2011-02-04 21:32:40 ----D---- C:\Program Files (x86)\Microsoft.NET
2011-02-02 15:16:27 ----D---- C:\Users\vlado\AppData\Roaming\PC Suite
2011-01-31 21:55:34 ----D---- C:\Users\vlado\AppData\Roaming\BSplayer PRO
2011-01-31 12:51:31 ----D---- C:\Program Files\Microsoft Office
2011-01-31 12:51:10 ----D---- C:\Users\vlado\AppData\Roaming\SoftGrid Client
2011-01-30 17:43:39 ----D---- C:\Users\vlado\AppData\Roaming\IObit
2011-01-24 19:51:17 ----D---- C:\windows\system32\NDF
2011-01-21 19:37:09 ----D---- C:\windows\system32\drivers\UMDF
2011-01-20 21:54:27 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-01-20 12:04:52 ----A---- C:\windows\SYSWOW64\PerfStringBackup.INI
2011-01-19 19:43:48 ----D---- C:\Program Files\DIFX
2011-01-19 19:42:56 ----D---- C:\swsetup
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2010-07-16 30008]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2010-11-05 438808]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 SafeBoot;SafeBoot; C:\windows\system32\drivers\SafeBoot.sys [2009-12-16 56648]
R0 SbAlg;SbAlg; C:\windows\system32\drivers\SbAlg.sys [2009-06-04 60160]
R0 SbFsLock;SbFsLock; C:\windows\system32\drivers\SbFsLock.sys [2009-12-16 15688]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2011-01-25 834544]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-19 254528]
R1 ehdrv;ehdrv; C:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
R1 RsvLock;RsvLock; C:\windows\system32\drivers\RsvLock.sys [2009-12-16 58184]
R1 vmm;Virtual Machine Monitor; \??\C:\windows\system32\Drivers\vmm.sys [2011-01-29 294232]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 cpuz134;cpuz134; \??\C:\windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
R2 eamonm;eamonm; C:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 168544]
R2 epfw;epfw; C:\windows\system32\DRIVERS\epfw.sys [2010-07-29 171152]
R2 epfwwfp;epfwwfp; C:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 50624]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\windows\system32\DRIVERS\Accelerometer.sys [2010-07-16 43320]
R3 Afc;PPdus ASPI Shell; C:\windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver; C:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2009-12-04 32640]
R3 Epfwndis;Eset Personal Firewall; C:\windows\system32\DRIVERS\Epfwndis.sys [2010-07-29 33632]
R3 HECIx64;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2010-02-16 25912]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2010-11-10 7778176]
R3 Impcd;Impcd; C:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\windows\system32\DRIVERS\netr28x.sys [2010-06-29 931168]
R3 nmwcd;Nokia USB Phone Parent Driver; C:\windows\system32\drivers\ccdcmbx64.sys [2010-07-30 19456]
R3 nmwcdc;Nokia USB Communication Driver; C:\windows\system32\drivers\ccdcmbox64.sys [2010-07-30 26624]
R3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-11 408680]
R3 rtsuvc;HP Webcam [2 MP Fixed]; C:\windows\system32\DRIVERS\rtsuvc.sys [2010-02-05 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-06-04 1379376]
R3 upperdev;upperdev; C:\windows\system32\DRIVERS\usbser_lowerfltx64.sys [2010-07-30 9216]
R3 usbser;USB Modem Driver; C:\windows\system32\drivers\usbser.sys [2009-07-14 32768]
R3 UsbserFilt;UsbserFilt; C:\windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2010-07-30 9216]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\windows\system32\DRIVERS\VMNetSrv.sys [2007-01-29 79760]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BthEnum;Bluetooth Enumerator Service; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2010-06-24 552448]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2010-06-24 80384]
S3 btmaudio;Motorola Bluetooth Audio Service; C:\windows\system32\drivers\btmaud.sys []
S3 BTMCOM;Bluetooth Serial Port; C:\windows\System32\Drivers\btmcom.sys []
S3 BTMMODEM;Bluetooth Modem Device; C:\windows\system32\DRIVERS\btmcom.sys []
S3 BTMNET;Motorola Bluetooth Network Adapter Service; C:\windows\system32\DRIVERS\btmnet.sys []
S3 DAMDrv;DAMDrv; C:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\windows\system32\DRIVERS\ewusbmdm.sys []
S3 nmwcdnsucx64;Nokia USB Flashing Generic; C:\windows\system32\drivers\nmwcdnsucx64.sys [2010-07-26 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\windows\system32\drivers\nmwcdnsux64.sys [2010-07-26 171008]
S3 NPF;NetGroup Packet Filter Driver; C:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S3 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 pwdrvio;pwdrvio; \??\C:\windows\syswow64\pwdrvio.sys []
S3 pwdspio;pwdspio; \??\C:\windows\syswow64\pwdspio.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2010-10-29 250984]
S3 sdbus;sdbus; C:\windows\system32\DRIVERS\sdbus.sys [2009-07-14 109056]
S3 STHDA;IDT High Definition Audio CODEC; C:\windows\system32\DRIVERS\stwrt64.sys [2010-03-17 505856]
S3 SWDUMon;SWDUMon; C:\windows\system32\DRIVERS\SWDUMon.sys [2011-01-31 13920]
S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2009-11-25 462088]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-08-12 810144]
R2 HP Power Assistant Service;HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-06-19 103992]
R2 HP ProtectTools Service;HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-11-18 36864]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-06-25 92216]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-12-16 281192]
R2 hpHotkeyMonitor;HP Hotkey Monitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2009-07-08 30520]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-06-17 73728]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-11-04 268824]
R2 uArcCapture;ArcCapture; C:\windows\system\uArcCapture.exe [2009-12-04 506472]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
R3 DEBridge;DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2009-12-16 704512]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2010-06-25 665656]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2010-12-08 628736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe []
S2 vcsFPService;Validity VCS Fingerprint Service; C:\windows\system32\vcsFPService.exe [2009-12-14 2019120]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-08-12 42360]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\SysWOW64\flcdlock.exe [2009-11-17 362040]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2010-06-25 117264]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-11-15 1255736]
-----------------EOF-----------------
Run by vlado at 2011-02-15 13:07:16
Microsoft Windows 7 Home Premium
System drive C: has 47 GB (57%) free of 82 GB
Total RAM: 2927 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:07:39 PM, on 2/15/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Rynga.com\Rynga\Rynga.exe
C:\Program Files (x86)\Rynga.com\Rynga\Rynga.exe
C:\Program Files\trend micro\vlado.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit pøekladaè - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Pøeložit &oznaèený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Pøeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E76A8FC-627C-45D6-B073-3EE3307BB182}: NameServer = 160.218.161.60 194.228.211.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E76A8FC-627C-45D6-B073-3EE3307BB182}: NameServer = 160.218.161.60 194.228.211.33
O17 - HKLM\System\CS2\Services\Tcpip\..\{1E76A8FC-627C-45D6-B073-3EE3307BB182}: NameServer = 160.218.161.60 194.228.211.33
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: DEBridge - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: HP Health Check Service - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (file missing)
O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\system\uArcCapture.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10687 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
"c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe"
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system\uArcCapture.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\wbem\wmiprvse.exe
"c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe"
"taskhost.exe"
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" /hidden
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
C:\windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"
{728F3DB7-3420-4A70-804C-0FEA787E7713}
{008CF998-A737-4732-867B-76B83EA35EE8}
{070CD509-88B7-4386-8998-FC0D2724516E}
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe" /SILENT
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe"
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
C:\windows\system32\sppsvc.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Rynga.com\Rynga\Rynga.exe"
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" /hidden
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe" "<hpNotification><Toast><Title>HP Wireless Assistant</Title><Text>Combo: Off</Text><IconPath>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WA_tray_32_off.ico</IconPath><ID>372224177</ID><Path>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe</Path><Parameters></Parameters></Toast></hpNotification>"
C:\windows\servicing\TrustedInstaller.exe
"C:\windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\windows\system32\wuauclt.exe"
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
wmiadap.exe /F /T /R
"C:\Users\vlado\Desktop\RSITx64.exe"
C:\windows\System32\svchost.exe -k WerSvcGroup
"C:\Program Files (x86)\Rynga.com\Rynga\Rynga.exe"
======Scheduled tasks folder======
C:\windows\tasks\HPCeeScheduleForvlado.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
HP ProtectTools Security Manager Extension - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2009-12-03 2187528]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-10 62376]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2010-11-08 520192]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
HP ProtectTools Security Manager Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2009-12-03 1471752]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-12-04 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2010-11-08 520192]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"=C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2010-06-19 1691192]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-04 2174760]
"HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-04-05 8192]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-08-12 2916584]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2010-11-10 166424]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2010-11-10 390680]
"Persistence"=C:\windows\system32\igfxpers.exe [2010-11-10 410136]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"=C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-05-14 1479680]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DTRun]
c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-11-05 283160]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2010-12-20 443728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QLBController]
C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [2010-03-01 256056]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-11-05 283160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2010-11-10 268800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\windows\system32\webcheck.dll [2009-07-14 290304]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=1
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.txt - open -
======List of files/folders created in the last 1 months======
2011-02-15 13:07:16 ----D---- C:\rsit
2011-02-14 14:07:44 ----A---- C:\windows\system32\mshtml.dll
2011-02-14 14:07:43 ----A---- C:\windows\SYSWOW64\mshtml.dll
2011-02-14 14:07:38 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2011-02-14 14:07:37 ----A---- C:\windows\SYSWOW64\mstime.dll
2011-02-14 14:07:37 ----A---- C:\windows\SYSWOW64\iedkcs32.dll
2011-02-14 14:07:37 ----A---- C:\windows\system32\mstime.dll
2011-02-14 14:07:37 ----A---- C:\windows\system32\msfeeds.dll
2011-02-14 14:07:37 ----A---- C:\windows\system32\iedkcs32.dll
2011-02-14 14:07:36 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2011-02-14 14:07:36 ----A---- C:\windows\SYSWOW64\msfeedssync.exe
2011-02-14 14:07:36 ----A---- C:\windows\SYSWOW64\msfeedsbs.dll
2011-02-14 14:07:36 ----A---- C:\windows\SYSWOW64\licmgr10.dll
2011-02-14 14:07:36 ----A---- C:\windows\SYSWOW64\iertutil.dll
2011-02-14 14:07:36 ----A---- C:\windows\SYSWOW64\iepeers.dll
2011-02-14 14:07:36 ----A---- C:\windows\system32\mshtmled.dll
2011-02-14 14:07:36 ----A---- C:\windows\system32\msfeedssync.exe
2011-02-14 14:07:36 ----A---- C:\windows\system32\msfeedsbs.dll
2011-02-14 14:07:36 ----A---- C:\windows\system32\licmgr10.dll
2011-02-14 14:07:36 ----A---- C:\windows\system32\iertutil.dll
2011-02-14 14:07:36 ----A---- C:\windows\system32\iepeers.dll
2011-02-14 13:41:32 ----A---- C:\windows\system32\ntoskrnl.exe
2011-02-14 13:41:31 ----A---- C:\windows\SYSWOW64\ntdll.dll
2011-02-14 13:41:31 ----A---- C:\windows\system32\ntdll.dll
2011-02-14 13:41:30 ----A---- C:\windows\SYSWOW64\ntoskrnl.exe
2011-02-14 13:41:30 ----A---- C:\windows\SYSWOW64\ntkrnlpa.exe
2011-02-14 13:40:17 ----A---- C:\windows\SYSWOW64\upnp.dll
2011-02-14 13:40:17 ----A---- C:\windows\system32\urlmon.dll
2011-02-14 13:40:17 ----A---- C:\windows\system32\upnp.dll
2011-02-14 13:40:17 ----A---- C:\windows\system32\msxml6.dll
2011-02-14 13:40:17 ----A---- C:\windows\system32\msxml3.dll
2011-02-14 13:40:16 ----A---- C:\windows\SYSWOW64\urlmon.dll
2011-02-14 13:40:16 ----A---- C:\windows\system32\wininet.dll
2011-02-14 13:40:15 ----A---- C:\windows\SYSWOW64\wininet.dll
2011-02-14 13:40:15 ----A---- C:\windows\SYSWOW64\msxml6.dll
2011-02-14 13:40:15 ----A---- C:\windows\SYSWOW64\msxml3.dll
2011-02-14 13:40:15 ----A---- C:\windows\system32\winhttp.dll
2011-02-14 13:40:15 ----A---- C:\windows\system32\WebClnt.dll
2011-02-14 13:40:15 ----A---- C:\windows\system32\davclnt.dll
2011-02-14 13:40:14 ----A---- C:\windows\SYSWOW64\WebClnt.dll
2011-02-14 13:40:14 ----A---- C:\windows\SYSWOW64\ieframe.dll
2011-02-14 13:40:14 ----A---- C:\windows\system32\wscapi.dll
2011-02-14 13:40:13 ----A---- C:\windows\SYSWOW64\wscapi.dll
2011-02-14 13:40:13 ----A---- C:\windows\SYSWOW64\winhttp.dll
2011-02-14 13:40:13 ----A---- C:\windows\SYSWOW64\slwga.dll
2011-02-14 13:40:13 ----A---- C:\windows\SYSWOW64\davclnt.dll
2011-02-14 13:40:13 ----A---- C:\windows\system32\wscsvc.dll
2011-02-14 13:40:13 ----A---- C:\windows\system32\slwga.dll
2011-02-14 13:40:13 ----A---- C:\windows\system32\ieframe.dll
2011-02-10 23:38:14 ----D---- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2011-02-10 23:28:09 ----A---- C:\windows\system32\drivers\dxgmms1.sys
2011-02-10 23:28:09 ----A---- C:\windows\system32\drivers\dxgkrnl.sys
2011-02-10 23:28:09 ----A---- C:\windows\system32\cdd.dll
2011-02-10 23:28:03 ----A---- C:\windows\SYSWOW64\vbscript.dll
2011-02-10 23:28:03 ----A---- C:\windows\SYSWOW64\jscript.dll
2011-02-10 23:28:03 ----A---- C:\windows\system32\vbscript.dll
2011-02-10 23:28:03 ----A---- C:\windows\system32\jscript.dll
2011-02-10 23:25:39 ----A---- C:\windows\system32\winsrv.dll
2011-02-10 23:24:04 ----A---- C:\windows\system32\kerberos.dll
2011-02-10 23:24:03 ----A---- C:\windows\SYSWOW64\kerberos.dll
2011-02-10 23:23:08 ----A---- C:\windows\SYSWOW64\atmlib.dll
2011-02-10 23:23:08 ----A---- C:\windows\SYSWOW64\atmfd.dll
2011-02-10 23:23:08 ----A---- C:\windows\system32\atmlib.dll
2011-02-10 23:23:08 ----A---- C:\windows\system32\atmfd.dll
2011-02-10 23:22:39 ----A---- C:\windows\system32\win32k.sys
2011-02-09 15:22:17 ----D---- C:\windows\temp
2011-02-09 15:19:57 ----SHD---- C:\$RECYCLE.BIN
2011-02-09 13:41:41 ----A---- C:\windows\system32\drivers\cpuz134_x64.sys
2011-02-09 13:41:40 ----D---- C:\Program Files\CPUID
2011-02-08 22:23:03 ----D---- C:\Users\vlado\AppData\Roaming\Wireshark
2011-02-08 22:22:16 ----D---- C:\Program Files (x86)\WinPcap
2011-02-08 22:21:46 ----D---- C:\Program Files\Wireshark
2011-02-08 20:03:12 ----A---- C:\windows\SYSWOW64\drivers\mbamswissarmy.sys
2011-02-08 19:34:09 ----D---- C:\Program Files (x86)\Zone Labs
2011-02-08 19:34:00 ----D---- C:\ProgramData\CheckPoint
2011-02-08 19:33:59 ----D---- C:\windows\Internet Logs
2011-02-07 22:09:59 ----D---- C:\Program Files\trend micro
2011-02-07 21:28:58 ----D---- C:\Users\vlado\AppData\Roaming\Malwarebytes
2011-02-07 21:28:50 ----D---- C:\ProgramData\Malwarebytes
2011-02-07 21:28:46 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-07 21:28:46 ----A---- C:\windows\system32\drivers\mbam.sys
2011-02-07 21:13:00 ----D---- C:\Program Files (x86)\CCleaner
2011-02-06 20:17:03 ----D---- C:\Program Files (x86)\Microsoft Visual Studio
2011-02-04 21:39:00 ----A---- C:\windows\vbaddin.ini
2011-02-04 21:38:19 ----A---- C:\windows\ODBC.INI
2011-02-04 21:33:12 ----D---- C:\Program Files (x86)\Microsoft Works
2011-02-04 21:32:40 ----D---- C:\windows\PCHEALTH
2011-02-04 21:30:40 ----D---- C:\Program Files\GIMP-2.0
2011-01-31 15:35:09 ----D---- C:\Program Files (x86)\Maxis Broadband
2011-01-31 14:05:09 ----D---- C:\Program Files (x86)\Mobile Partner
2011-01-31 12:47:08 ----A---- C:\windows\system32\drivers\SWDUMon.sys
2011-01-31 12:47:03 ----D---- C:\Program Files (x86)\SlimDrivers
2011-01-29 12:12:07 ----A---- C:\windows\system32\drivers\VMM.sys
2011-01-25 17:37:52 ----D---- C:\Program Files (x86)\Microsoft Virtual PC
2011-01-25 16:02:51 ----A---- C:\windows\system32\drivers\sptd.sys
2011-01-20 22:10:59 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-01-20 22:10:28 ----D---- C:\ProgramData\Microsoft Help
2011-01-20 22:10:00 ----RD---- C:\MSOCache
2011-01-19 22:19:37 ----A---- C:\windows\system32\drivers\dtsoftbus01.sys
2011-01-19 22:19:31 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2011-01-19 22:18:55 ----D---- C:\Users\vlado\AppData\Roaming\DAEMON Tools Lite
2011-01-19 22:18:55 ----D---- C:\ProgramData\DAEMON Tools Lite
2011-01-18 17:02:47 ----D---- C:\Program Files (x86)\OnCourt
======List of files/folders modified in the last 1 months======
2011-02-15 13:07:40 ----D---- C:\windows\Prefetch
2011-02-15 13:06:20 ----D---- C:\windows\system32\config
2011-02-15 13:05:27 ----D---- C:\Windows
2011-02-15 13:05:14 ----D---- C:\Users\vlado\AppData\Roaming\Skype
2011-02-15 13:03:14 ----D---- C:\ProgramData\HPQLOG
2011-02-15 13:03:10 ----A---- C:\windows\SYSWOW64\log.txt
2011-02-15 12:56:47 ----D---- C:\windows\System32
2011-02-15 12:56:47 ----D---- C:\windows\inf
2011-02-15 12:56:47 ----A---- C:\windows\system32\PerfStringBackup.INI
2011-02-15 12:34:09 ----D---- C:\Users\vlado\AppData\Roaming\skypePM
2011-02-14 18:24:47 ----D---- C:\windows\winsxs
2011-02-14 17:58:07 ----SHD---- C:\windows\Installer
2011-02-14 17:58:02 ----RSD---- C:\windows\assembly
2011-02-14 17:57:50 ----D---- C:\Program Files (x86)\Hewlett-Packard
2011-02-14 17:57:21 ----SHD---- C:\System Volume Information
2011-02-14 17:53:23 ----D---- C:\windows\debug
2011-02-14 14:18:43 ----D---- C:\windows\SysWOW64
2011-02-14 14:18:43 ----D---- C:\Program Files\Internet Explorer
2011-02-14 14:18:43 ----D---- C:\Program Files (x86)\Internet Explorer
2011-02-14 14:09:25 ----A---- C:\windows\system32\MRT.exe
2011-02-14 13:37:10 ----D---- C:\windows\system32\catroot2
2011-02-14 13:37:10 ----D---- C:\windows\system32\catroot
2011-02-14 11:50:40 ----D---- C:\windows\system32\drivers
2011-02-10 23:38:14 ----D---- C:\Program Files (x86)
2011-02-10 22:06:47 ----D---- C:\windows\system32\drivers\etc
2011-02-10 22:06:28 ----D---- C:\windows\Globalization
2011-02-10 21:22:00 ----D---- C:\windows\system32\DriverStore
2011-02-10 13:10:50 ----D---- C:\Users\vlado\AppData\Roaming\Rynga
2011-02-09 15:20:01 ----A---- C:\windows\system.ini
2011-02-09 15:17:40 ----D---- C:\windows\SYSWOW64\drivers
2011-02-09 15:17:40 ----D---- C:\windows\AppPatch
2011-02-09 15:17:40 ----D---- C:\Program Files\Common Files
2011-02-09 15:17:40 ----D---- C:\Program Files (x86)\Common Files
2011-02-09 14:38:18 ----A---- C:\windows\win.ini
2011-02-09 14:32:13 ----D---- C:\windows\system32\Tasks
2011-02-09 13:41:40 ----D---- C:\Program Files
2011-02-08 22:21:55 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-02-08 19:34:00 ----D---- C:\ProgramData
2011-02-08 15:18:25 ----D---- C:\Program Files (x86)\Arcsoft
2011-02-08 15:11:57 ----D---- C:\windows\Tasks
2011-02-08 15:09:19 ----D---- C:\Users\vlado\AppData\Roaming\Media Player Classic
2011-02-06 23:42:15 ----D---- C:\Users\vlado\AppData\Roaming\Nokia
2011-02-06 23:31:29 ----D---- C:\windows\tracing
2011-02-06 20:28:37 ----D---- C:\Users\vlado\AppData\Roaming\LangSoft
2011-02-06 20:28:36 ----D---- C:\ProgramData\LangSoft
2011-02-06 20:28:36 ----A---- C:\windows\TRNCOM.INI
2011-02-06 20:26:25 ----D---- C:\windows\ShellNew
2011-02-06 20:17:20 ----D---- C:\Program Files (x86)\MSBuild
2011-02-06 20:16:40 ----D---- C:\Program Files (x86)\Microsoft Office
2011-02-06 20:16:36 ----RSD---- C:\windows\Fonts
2011-02-06 20:16:24 ----SD---- C:\Users\vlado\AppData\Roaming\Microsoft
2011-02-06 20:16:24 ----SD---- C:\ProgramData\Microsoft
2011-02-06 20:13:01 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-02-06 18:58:51 ----D---- C:\Users\vlado\AppData\Roaming\BitTorrent
2011-02-04 21:36:59 ----D---- C:\Program Files\Hewlett-Packard
2011-02-04 21:32:40 ----D---- C:\Program Files (x86)\Microsoft.NET
2011-02-02 15:16:27 ----D---- C:\Users\vlado\AppData\Roaming\PC Suite
2011-01-31 21:55:34 ----D---- C:\Users\vlado\AppData\Roaming\BSplayer PRO
2011-01-31 12:51:31 ----D---- C:\Program Files\Microsoft Office
2011-01-31 12:51:10 ----D---- C:\Users\vlado\AppData\Roaming\SoftGrid Client
2011-01-30 17:43:39 ----D---- C:\Users\vlado\AppData\Roaming\IObit
2011-01-24 19:51:17 ----D---- C:\windows\system32\NDF
2011-01-21 19:37:09 ----D---- C:\windows\system32\drivers\UMDF
2011-01-20 21:54:27 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-01-20 12:04:52 ----A---- C:\windows\SYSWOW64\PerfStringBackup.INI
2011-01-19 19:43:48 ----D---- C:\Program Files\DIFX
2011-01-19 19:42:56 ----D---- C:\swsetup
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2010-07-16 30008]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2010-11-05 438808]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 SafeBoot;SafeBoot; C:\windows\system32\drivers\SafeBoot.sys [2009-12-16 56648]
R0 SbAlg;SbAlg; C:\windows\system32\drivers\SbAlg.sys [2009-06-04 60160]
R0 SbFsLock;SbFsLock; C:\windows\system32\drivers\SbFsLock.sys [2009-12-16 15688]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2011-01-25 834544]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-19 254528]
R1 ehdrv;ehdrv; C:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
R1 RsvLock;RsvLock; C:\windows\system32\drivers\RsvLock.sys [2009-12-16 58184]
R1 vmm;Virtual Machine Monitor; \??\C:\windows\system32\Drivers\vmm.sys [2011-01-29 294232]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 cpuz134;cpuz134; \??\C:\windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
R2 eamonm;eamonm; C:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 168544]
R2 epfw;epfw; C:\windows\system32\DRIVERS\epfw.sys [2010-07-29 171152]
R2 epfwwfp;epfwwfp; C:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 50624]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\windows\system32\DRIVERS\Accelerometer.sys [2010-07-16 43320]
R3 Afc;PPdus ASPI Shell; C:\windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver; C:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2009-12-04 32640]
R3 Epfwndis;Eset Personal Firewall; C:\windows\system32\DRIVERS\Epfwndis.sys [2010-07-29 33632]
R3 HECIx64;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2010-02-16 25912]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2010-11-10 7778176]
R3 Impcd;Impcd; C:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\windows\system32\DRIVERS\netr28x.sys [2010-06-29 931168]
R3 nmwcd;Nokia USB Phone Parent Driver; C:\windows\system32\drivers\ccdcmbx64.sys [2010-07-30 19456]
R3 nmwcdc;Nokia USB Communication Driver; C:\windows\system32\drivers\ccdcmbox64.sys [2010-07-30 26624]
R3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-11 408680]
R3 rtsuvc;HP Webcam [2 MP Fixed]; C:\windows\system32\DRIVERS\rtsuvc.sys [2010-02-05 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-06-04 1379376]
R3 upperdev;upperdev; C:\windows\system32\DRIVERS\usbser_lowerfltx64.sys [2010-07-30 9216]
R3 usbser;USB Modem Driver; C:\windows\system32\drivers\usbser.sys [2009-07-14 32768]
R3 UsbserFilt;UsbserFilt; C:\windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2010-07-30 9216]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\windows\system32\DRIVERS\VMNetSrv.sys [2007-01-29 79760]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BthEnum;Bluetooth Enumerator Service; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2010-06-24 552448]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2010-06-24 80384]
S3 btmaudio;Motorola Bluetooth Audio Service; C:\windows\system32\drivers\btmaud.sys []
S3 BTMCOM;Bluetooth Serial Port; C:\windows\System32\Drivers\btmcom.sys []
S3 BTMMODEM;Bluetooth Modem Device; C:\windows\system32\DRIVERS\btmcom.sys []
S3 BTMNET;Motorola Bluetooth Network Adapter Service; C:\windows\system32\DRIVERS\btmnet.sys []
S3 DAMDrv;DAMDrv; C:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\windows\system32\DRIVERS\ewusbmdm.sys []
S3 nmwcdnsucx64;Nokia USB Flashing Generic; C:\windows\system32\drivers\nmwcdnsucx64.sys [2010-07-26 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\windows\system32\drivers\nmwcdnsux64.sys [2010-07-26 171008]
S3 NPF;NetGroup Packet Filter Driver; C:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S3 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 pwdrvio;pwdrvio; \??\C:\windows\syswow64\pwdrvio.sys []
S3 pwdspio;pwdspio; \??\C:\windows\syswow64\pwdspio.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2010-10-29 250984]
S3 sdbus;sdbus; C:\windows\system32\DRIVERS\sdbus.sys [2009-07-14 109056]
S3 STHDA;IDT High Definition Audio CODEC; C:\windows\system32\DRIVERS\stwrt64.sys [2010-03-17 505856]
S3 SWDUMon;SWDUMon; C:\windows\system32\DRIVERS\SWDUMon.sys [2011-01-31 13920]
S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2009-11-25 462088]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-08-12 810144]
R2 HP Power Assistant Service;HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-06-19 103992]
R2 HP ProtectTools Service;HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-11-18 36864]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-06-25 92216]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-12-16 281192]
R2 hpHotkeyMonitor;HP Hotkey Monitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2009-07-08 30520]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-06-17 73728]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-11-04 268824]
R2 uArcCapture;ArcCapture; C:\windows\system\uArcCapture.exe [2009-12-04 506472]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
R3 DEBridge;DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2009-12-16 704512]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2010-06-25 665656]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2010-12-08 628736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe []
S2 vcsFPService;Validity VCS Fingerprint Service; C:\windows\system32\vcsFPService.exe [2009-12-14 2019120]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-08-12 42360]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\SysWOW64\flcdlock.exe [2009-11-17 362040]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2010-06-25 117264]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-11-15 1255736]
-----------------EOF-----------------
Re: preventivna:)
Já jsem Vám zakázala nějaké položky ke spouštění po startu, co jsem považovala za zbytečnost.
Zkuste to fixnout znovu v nouzovém režimu.
Zkuste to fixnout znovu v nouzovém režimu.
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: preventivna:)
Dobrý večer
Fix sa v núdzovom režime podaril... nepodarilo sa odinštalovať ComboFix ale myslím že pozostatky odstránil T-Cleaner.
Prikladám log z RSIT
Logfile of random's system information tool 1.08 (written by random/random)
Run by vlado at 2011-02-15 22:56:03
Microsoft Windows 7 Home Premium
System drive C: has 45 GB (55%) free of 82 GB
Total RAM: 2927 MB (59% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:56:52 PM, on 2/15/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\trend micro\vlado.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit pøekladaè - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Pøeložit &oznaèený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Pøeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E76A8FC-627C-45D6-B073-3EE3307BB182}: NameServer = 160.218.161.60 194.228.211.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E76A8FC-627C-45D6-B073-3EE3307BB182}: NameServer = 160.218.161.60 194.228.211.33
O17 - HKLM\System\CS2\Services\Tcpip\..\{1E76A8FC-627C-45D6-B073-3EE3307BB182}: NameServer = 160.218.161.60 194.228.211.33
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: DEBridge - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: HP Health Check Service - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (file missing)
O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\system\uArcCapture.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10087 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
"c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe"
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system\uArcCapture.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\wbem\wmiprvse.exe
"c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe"
"taskhost.exe"
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" /hidden
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
C:\windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe" /watchfiles startup
"C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"
{F9F4EAAF-907D-41ED-AC61-596858C9A001}
{B300105B-53FE-4B78-AD57-69F521E1401C}
{96EEE09D-08CD-4F75-9F1C-4C4791586693}
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-710161fa-49b0-4434-bb3b-de0cb37f50e5 -SystemEventPortName:HostProcess-2b954817-43ee-421e-97d7-6c722f2bbc52 -IoCancelEventPortName:HostProcess-f595b2e8-7d05-4bdf-8d21-5e3dd5a99b58 -NonStateChangingEventPortName:HostProcess-9424b3cd-5d8e-4e35-9e30-46bb177a4575 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:c4316626-01f1-4656-b739-d38e0e6e6f84
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
C:\windows\SysWOW64\DllHost.exe /Processid:{B366DEBE-645B-43A5-B865-DDD82C345492}
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\servicing\TrustedInstaller.exe
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe"
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
C:\windows\system32\sppsvc.exe
"C:\Users\vlado\Desktop\RSITx64.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" /hidden
C:\windows\System32\svchost.exe -k WerSvcGroup
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe" "<hpNotification><Toast><Title>HP Wireless Assistant</Title><Text>Combo: Off</Text><IconPath>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WA_tray_32_off.ico</IconPath><ID>1238899983</ID><Path>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe</Path><Parameters></Parameters></Toast></hpNotification>"
"C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE" /n /dde
C:\windows\splwow64.exe 2
"C:\windows\system32\wuauclt.exe"
======Scheduled tasks folder======
C:\windows\tasks\HPCeeScheduleForvlado.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
HP ProtectTools Security Manager Extension - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2009-12-03 2187528]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2010-11-08 520192]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
HP ProtectTools Security Manager Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2009-12-03 1471752]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-12-04 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2010-11-08 520192]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"=C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2010-06-19 1691192]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-04 2174760]
"HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-04-05 8192]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-08-12 2916584]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2010-11-10 166424]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2010-11-10 390680]
"Persistence"=C:\windows\system32\igfxpers.exe [2010-11-10 410136]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-01-30 35736]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DTRun]
c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-11-05 283160]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2010-12-20 443728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2011-01-31 703360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QLBController]
C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [2010-03-01 256056]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-11-05 283160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2010-11-10 268800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\windows\system32\webcheck.dll [2009-07-14 290304]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=1
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.txt - open -
======List of files/folders created in the last 1 months======
2011-02-15 22:56:03 ----D---- C:\rsit
2011-02-15 21:01:51 ----SHD---- C:\Config.Msi
2011-02-14 14:07:44 ----A---- C:\windows\system32\mshtml.dll
2011-02-14 14:07:43 ----A---- C:\windows\SYSWOW64\mshtml.dll
2011-02-14 14:07:38 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2011-02-14 14:07:37 ----A---- C:\windows\SYSWOW64\mstime.dll
2011-02-14 14:07:37 ----A---- C:\windows\SYSWOW64\iedkcs32.dll
2011-02-14 14:07:37 ----A---- C:\windows\system32\mstime.dll
2011-02-14 14:07:37 ----A---- C:\windows\system32\msfeeds.dll
2011-02-14 14:07:37 ----A---- C:\windows\system32\iedkcs32.dll
2011-02-14 14:07:36 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2011-02-14 14:07:36 ----A---- C:\windows\SYSWOW64\msfeedssync.exe
2011-02-14 14:07:36 ----A---- C:\windows\SYSWOW64\msfeedsbs.dll
2011-02-14 14:07:36 ----A---- C:\windows\SYSWOW64\licmgr10.dll
2011-02-14 14:07:36 ----A---- C:\windows\SYSWOW64\iertutil.dll
2011-02-14 14:07:36 ----A---- C:\windows\SYSWOW64\iepeers.dll
2011-02-14 14:07:36 ----A---- C:\windows\system32\mshtmled.dll
2011-02-14 14:07:36 ----A---- C:\windows\system32\msfeedssync.exe
2011-02-14 14:07:36 ----A---- C:\windows\system32\msfeedsbs.dll
2011-02-14 14:07:36 ----A---- C:\windows\system32\licmgr10.dll
2011-02-14 14:07:36 ----A---- C:\windows\system32\iertutil.dll
2011-02-14 14:07:36 ----A---- C:\windows\system32\iepeers.dll
2011-02-14 13:41:32 ----A---- C:\windows\system32\ntoskrnl.exe
2011-02-14 13:41:31 ----A---- C:\windows\SYSWOW64\ntdll.dll
2011-02-14 13:41:31 ----A---- C:\windows\system32\ntdll.dll
2011-02-14 13:41:30 ----A---- C:\windows\SYSWOW64\ntoskrnl.exe
2011-02-14 13:41:30 ----A---- C:\windows\SYSWOW64\ntkrnlpa.exe
2011-02-14 13:40:17 ----A---- C:\windows\SYSWOW64\upnp.dll
2011-02-14 13:40:17 ----A---- C:\windows\system32\urlmon.dll
2011-02-14 13:40:17 ----A---- C:\windows\system32\upnp.dll
2011-02-14 13:40:17 ----A---- C:\windows\system32\msxml6.dll
2011-02-14 13:40:17 ----A---- C:\windows\system32\msxml3.dll
2011-02-14 13:40:16 ----A---- C:\windows\SYSWOW64\urlmon.dll
2011-02-14 13:40:16 ----A---- C:\windows\system32\wininet.dll
2011-02-14 13:40:15 ----A---- C:\windows\SYSWOW64\wininet.dll
2011-02-14 13:40:15 ----A---- C:\windows\SYSWOW64\msxml6.dll
2011-02-14 13:40:15 ----A---- C:\windows\SYSWOW64\msxml3.dll
2011-02-14 13:40:15 ----A---- C:\windows\system32\winhttp.dll
2011-02-14 13:40:15 ----A---- C:\windows\system32\WebClnt.dll
2011-02-14 13:40:15 ----A---- C:\windows\system32\davclnt.dll
2011-02-14 13:40:14 ----A---- C:\windows\SYSWOW64\WebClnt.dll
2011-02-14 13:40:14 ----A---- C:\windows\SYSWOW64\ieframe.dll
2011-02-14 13:40:14 ----A---- C:\windows\system32\wscapi.dll
2011-02-14 13:40:13 ----A---- C:\windows\SYSWOW64\wscapi.dll
2011-02-14 13:40:13 ----A---- C:\windows\SYSWOW64\winhttp.dll
2011-02-14 13:40:13 ----A---- C:\windows\SYSWOW64\slwga.dll
2011-02-14 13:40:13 ----A---- C:\windows\SYSWOW64\davclnt.dll
2011-02-14 13:40:13 ----A---- C:\windows\system32\wscsvc.dll
2011-02-14 13:40:13 ----A---- C:\windows\system32\slwga.dll
2011-02-14 13:40:13 ----A---- C:\windows\system32\ieframe.dll
2011-02-10 23:38:14 ----D---- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2011-02-10 23:28:09 ----A---- C:\windows\system32\drivers\dxgmms1.sys
2011-02-10 23:28:09 ----A---- C:\windows\system32\drivers\dxgkrnl.sys
2011-02-10 23:28:09 ----A---- C:\windows\system32\cdd.dll
2011-02-10 23:28:03 ----A---- C:\windows\SYSWOW64\vbscript.dll
2011-02-10 23:28:03 ----A---- C:\windows\SYSWOW64\jscript.dll
2011-02-10 23:28:03 ----A---- C:\windows\system32\vbscript.dll
2011-02-10 23:28:03 ----A---- C:\windows\system32\jscript.dll
2011-02-10 23:25:39 ----A---- C:\windows\system32\winsrv.dll
2011-02-10 23:24:04 ----A---- C:\windows\system32\kerberos.dll
2011-02-10 23:24:03 ----A---- C:\windows\SYSWOW64\kerberos.dll
2011-02-10 23:23:08 ----A---- C:\windows\SYSWOW64\atmlib.dll
2011-02-10 23:23:08 ----A---- C:\windows\SYSWOW64\atmfd.dll
2011-02-10 23:23:08 ----A---- C:\windows\system32\atmlib.dll
2011-02-10 23:23:08 ----A---- C:\windows\system32\atmfd.dll
2011-02-10 23:22:39 ----A---- C:\windows\system32\win32k.sys
2011-02-09 15:22:17 ----D---- C:\windows\temp
2011-02-09 15:19:57 ----SHD---- C:\$RECYCLE.BIN
2011-02-09 13:41:41 ----A---- C:\windows\system32\drivers\cpuz134_x64.sys
2011-02-09 13:41:40 ----D---- C:\Program Files\CPUID
2011-02-08 22:23:03 ----D---- C:\Users\vlado\AppData\Roaming\Wireshark
2011-02-08 22:22:16 ----D---- C:\Program Files (x86)\WinPcap
2011-02-08 22:21:46 ----D---- C:\Program Files\Wireshark
2011-02-08 20:03:12 ----A---- C:\windows\SYSWOW64\drivers\mbamswissarmy.sys
2011-02-08 19:34:09 ----D---- C:\Program Files (x86)\Zone Labs
2011-02-08 19:34:00 ----D---- C:\ProgramData\CheckPoint
2011-02-08 19:33:59 ----D---- C:\windows\Internet Logs
2011-02-07 22:09:59 ----D---- C:\Program Files\trend micro
2011-02-07 21:28:58 ----D---- C:\Users\vlado\AppData\Roaming\Malwarebytes
2011-02-07 21:28:50 ----D---- C:\ProgramData\Malwarebytes
2011-02-07 21:28:46 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-07 21:28:46 ----A---- C:\windows\system32\drivers\mbam.sys
2011-02-07 21:13:00 ----D---- C:\Program Files (x86)\CCleaner
2011-02-06 20:17:03 ----D---- C:\Program Files (x86)\Microsoft Visual Studio
2011-02-04 21:39:00 ----A---- C:\windows\vbaddin.ini
2011-02-04 21:38:19 ----A---- C:\windows\ODBC.INI
2011-02-04 21:33:12 ----D---- C:\Program Files (x86)\Microsoft Works
2011-02-04 21:32:40 ----D---- C:\windows\PCHEALTH
2011-02-04 21:30:40 ----D---- C:\Program Files\GIMP-2.0
2011-01-31 15:35:09 ----D---- C:\Program Files (x86)\Maxis Broadband
2011-01-31 14:05:09 ----D---- C:\Program Files (x86)\Mobile Partner
2011-01-31 12:47:08 ----A---- C:\windows\system32\drivers\SWDUMon.sys
2011-01-31 12:47:03 ----D---- C:\Program Files (x86)\SlimDrivers
2011-01-29 12:12:07 ----A---- C:\windows\system32\drivers\VMM.sys
2011-01-25 17:37:52 ----D---- C:\Program Files (x86)\Microsoft Virtual PC
2011-01-25 16:02:51 ----A---- C:\windows\system32\drivers\sptd.sys
2011-01-20 22:10:59 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-01-20 22:10:28 ----D---- C:\ProgramData\Microsoft Help
2011-01-20 22:10:00 ----RD---- C:\MSOCache
2011-01-19 22:19:37 ----A---- C:\windows\system32\drivers\dtsoftbus01.sys
2011-01-19 22:19:31 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2011-01-19 22:18:55 ----D---- C:\Users\vlado\AppData\Roaming\DAEMON Tools Lite
2011-01-19 22:18:55 ----D---- C:\ProgramData\DAEMON Tools Lite
2011-01-18 17:02:47 ----D---- C:\Program Files (x86)\OnCourt
======List of files/folders modified in the last 1 months======
2011-02-15 22:56:52 ----D---- C:\windows\Prefetch
2011-02-15 22:55:54 ----D---- C:\windows\system32\config
2011-02-15 22:55:46 ----D---- C:\Windows
2011-02-15 22:54:03 ----D---- C:\ProgramData\HPQLOG
2011-02-15 22:53:57 ----A---- C:\windows\SYSWOW64\log.txt
2011-02-15 22:51:25 ----D---- C:\Program Files (x86)\Arcsoft
2011-02-15 22:49:50 ----D---- C:\windows\System32
2011-02-15 22:49:50 ----D---- C:\windows\inf
2011-02-15 22:49:50 ----A---- C:\windows\system32\PerfStringBackup.INI
2011-02-15 21:27:09 ----D---- C:\Users\vlado\AppData\Roaming\Skype
2011-02-15 21:23:50 ----D---- C:\windows\system32\Tasks
2011-02-15 21:02:16 ----SHD---- C:\windows\Installer
2011-02-15 16:11:32 ----D---- C:\windows\winsxs
2011-02-15 16:03:55 ----D---- C:\Users\vlado\AppData\Roaming\skypePM
2011-02-15 15:37:37 ----D---- C:\Program Files (x86)\Common Files
2011-02-15 15:14:16 ----D---- C:\Program Files (x86)\Nokia
2011-02-15 14:52:16 ----D---- C:\ProgramData\Installations
2011-02-15 14:22:40 ----D---- C:\windows\system32\drivers
2011-02-15 14:22:39 ----D---- C:\windows\system32\DriverStore
2011-02-15 14:22:39 ----D---- C:\windows\system32\catroot
2011-02-15 14:22:14 ----D---- C:\Users\vlado\AppData\Roaming\PC Suite
2011-02-14 17:58:02 ----RSD---- C:\windows\assembly
2011-02-14 17:57:50 ----D---- C:\Program Files (x86)\Hewlett-Packard
2011-02-14 17:57:21 ----SHD---- C:\System Volume Information
2011-02-14 17:53:23 ----D---- C:\windows\debug
2011-02-14 14:18:43 ----D---- C:\windows\SysWOW64
2011-02-14 14:18:43 ----D---- C:\Program Files\Internet Explorer
2011-02-14 14:18:43 ----D---- C:\Program Files (x86)\Internet Explorer
2011-02-14 14:09:25 ----A---- C:\windows\system32\MRT.exe
2011-02-14 13:37:10 ----D---- C:\windows\system32\catroot2
2011-02-10 23:38:14 ----D---- C:\Program Files (x86)
2011-02-10 22:06:47 ----D---- C:\windows\system32\drivers\etc
2011-02-10 22:06:28 ----D---- C:\windows\Globalization
2011-02-10 13:10:50 ----D---- C:\Users\vlado\AppData\Roaming\Rynga
2011-02-09 15:20:01 ----A---- C:\windows\system.ini
2011-02-09 15:17:40 ----D---- C:\windows\SYSWOW64\drivers
2011-02-09 15:17:40 ----D---- C:\windows\AppPatch
2011-02-09 15:17:40 ----D---- C:\Program Files\Common Files
2011-02-09 14:38:18 ----A---- C:\windows\win.ini
2011-02-09 13:41:40 ----D---- C:\Program Files
2011-02-08 22:21:55 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-02-08 19:34:00 ----D---- C:\ProgramData
2011-02-08 15:11:57 ----D---- C:\windows\Tasks
2011-02-08 15:09:19 ----D---- C:\Users\vlado\AppData\Roaming\Media Player Classic
2011-02-06 23:42:15 ----D---- C:\Users\vlado\AppData\Roaming\Nokia
2011-02-06 23:31:29 ----D---- C:\windows\tracing
2011-02-06 20:28:37 ----D---- C:\Users\vlado\AppData\Roaming\LangSoft
2011-02-06 20:28:36 ----D---- C:\ProgramData\LangSoft
2011-02-06 20:28:36 ----A---- C:\windows\TRNCOM.INI
2011-02-06 20:26:25 ----D---- C:\windows\ShellNew
2011-02-06 20:17:20 ----D---- C:\Program Files (x86)\MSBuild
2011-02-06 20:16:40 ----D---- C:\Program Files (x86)\Microsoft Office
2011-02-06 20:16:36 ----RSD---- C:\windows\Fonts
2011-02-06 20:16:24 ----SD---- C:\Users\vlado\AppData\Roaming\Microsoft
2011-02-06 20:16:24 ----SD---- C:\ProgramData\Microsoft
2011-02-06 20:13:01 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-02-06 18:58:51 ----D---- C:\Users\vlado\AppData\Roaming\BitTorrent
2011-02-04 21:36:59 ----D---- C:\Program Files\Hewlett-Packard
2011-02-04 21:32:40 ----D---- C:\Program Files (x86)\Microsoft.NET
2011-01-31 21:55:34 ----D---- C:\Users\vlado\AppData\Roaming\BSplayer PRO
2011-01-31 12:51:31 ----D---- C:\Program Files\Microsoft Office
2011-01-31 12:51:10 ----D---- C:\Users\vlado\AppData\Roaming\SoftGrid Client
2011-01-30 17:43:39 ----D---- C:\Users\vlado\AppData\Roaming\IObit
2011-01-24 19:51:17 ----D---- C:\windows\system32\NDF
2011-01-21 19:37:09 ----D---- C:\windows\system32\drivers\UMDF
2011-01-20 21:54:27 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-01-20 12:04:52 ----A---- C:\windows\SYSWOW64\PerfStringBackup.INI
2011-01-19 19:43:48 ----D---- C:\Program Files\DIFX
2011-01-19 19:42:56 ----D---- C:\swsetup
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2010-07-16 30008]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2010-11-05 438808]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 SafeBoot;SafeBoot; C:\windows\system32\drivers\SafeBoot.sys [2009-12-16 56648]
R0 SbAlg;SbAlg; C:\windows\system32\drivers\SbAlg.sys [2009-06-04 60160]
R0 SbFsLock;SbFsLock; C:\windows\system32\drivers\SbFsLock.sys [2009-12-16 15688]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2011-01-25 834544]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-19 254528]
R1 ehdrv;ehdrv; C:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
R1 RsvLock;RsvLock; C:\windows\system32\drivers\RsvLock.sys [2009-12-16 58184]
R1 vmm;Virtual Machine Monitor; \??\C:\windows\system32\Drivers\vmm.sys [2011-01-29 294232]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 cpuz134;cpuz134; \??\C:\windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
R2 eamonm;eamonm; C:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 168544]
R2 epfw;epfw; C:\windows\system32\DRIVERS\epfw.sys [2010-07-29 171152]
R2 epfwwfp;epfwwfp; C:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 50624]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\windows\system32\DRIVERS\Accelerometer.sys [2010-07-16 43320]
R3 Afc;PPdus ASPI Shell; C:\windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver; C:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2009-12-04 32640]
R3 Epfwndis;Eset Personal Firewall; C:\windows\system32\DRIVERS\Epfwndis.sys [2010-07-29 33632]
R3 HECIx64;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2010-02-16 25912]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2010-11-10 7778176]
R3 Impcd;Impcd; C:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\windows\system32\DRIVERS\netr28x.sys [2010-06-29 931168]
R3 nmwcd;Nokia USB Phone Parent Driver; C:\windows\system32\drivers\ccdcmbx64.sys [2010-07-30 19456]
R3 nmwcdc;Nokia USB Communication Driver; C:\windows\system32\drivers\ccdcmbox64.sys [2010-07-30 26624]
R3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-11 408680]
R3 rtsuvc;HP Webcam [2 MP Fixed]; C:\windows\system32\DRIVERS\rtsuvc.sys [2010-02-05 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-06-04 1379376]
R3 upperdev;upperdev; C:\windows\system32\DRIVERS\usbser_lowerfltx64.sys [2010-07-30 9216]
R3 usbser;USB Modem Driver; C:\windows\system32\drivers\usbser.sys [2009-07-14 32768]
R3 UsbserFilt;UsbserFilt; C:\windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2010-07-30 9216]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\windows\system32\DRIVERS\VMNetSrv.sys [2007-01-29 79760]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BthEnum;Bluetooth Enumerator Service; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2010-06-24 552448]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2010-06-24 80384]
S3 btmaudio;Motorola Bluetooth Audio Service; C:\windows\system32\drivers\btmaud.sys []
S3 BTMCOM;Bluetooth Serial Port; C:\windows\System32\Drivers\btmcom.sys []
S3 BTMMODEM;Bluetooth Modem Device; C:\windows\system32\DRIVERS\btmcom.sys []
S3 BTMNET;Motorola Bluetooth Network Adapter Service; C:\windows\system32\DRIVERS\btmnet.sys []
S3 DAMDrv;DAMDrv; C:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\windows\system32\DRIVERS\ewusbmdm.sys []
S3 nmwcdnsucx64;Nokia USB Flashing Generic; C:\windows\system32\drivers\nmwcdnsucx64.sys [2010-07-26 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\windows\system32\drivers\nmwcdnsux64.sys [2010-07-26 171008]
S3 NPF;NetGroup Packet Filter Driver; C:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S3 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 pwdrvio;pwdrvio; \??\C:\windows\syswow64\pwdrvio.sys []
S3 pwdspio;pwdspio; \??\C:\windows\syswow64\pwdspio.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2010-10-29 250984]
S3 sdbus;sdbus; C:\windows\system32\DRIVERS\sdbus.sys [2009-07-14 109056]
S3 STHDA;IDT High Definition Audio CODEC; C:\windows\system32\DRIVERS\stwrt64.sys [2010-03-17 505856]
S3 SWDUMon;SWDUMon; C:\windows\system32\DRIVERS\SWDUMon.sys [2011-01-31 13920]
S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2009-11-25 462088]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-08-12 810144]
R2 HP Power Assistant Service;HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-06-19 103992]
R2 HP ProtectTools Service;HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-11-18 36864]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-06-25 92216]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-12-16 281192]
R2 hpHotkeyMonitor;HP Hotkey Monitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2009-07-08 30520]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-06-17 73728]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-11-04 268824]
R2 uArcCapture;ArcCapture; C:\windows\system\uArcCapture.exe [2009-12-04 506472]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
R3 DEBridge;DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2009-12-16 704512]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2010-06-25 665656]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2010-12-08 628736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe []
S2 vcsFPService;Validity VCS Fingerprint Service; C:\windows\system32\vcsFPService.exe [2009-12-14 2019120]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-08-12 42360]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\SysWOW64\flcdlock.exe [2009-11-17 362040]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2010-06-25 117264]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-11-15 1255736]
-----------------EOF-----------------
Fix sa v núdzovom režime podaril... nepodarilo sa odinštalovať ComboFix ale myslím že pozostatky odstránil T-Cleaner.
Prikladám log z RSIT
Logfile of random's system information tool 1.08 (written by random/random)
Run by vlado at 2011-02-15 22:56:03
Microsoft Windows 7 Home Premium
System drive C: has 45 GB (55%) free of 82 GB
Total RAM: 2927 MB (59% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:56:52 PM, on 2/15/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\trend micro\vlado.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit pøekladaè - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Pøeložit &oznaèený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Pøeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E76A8FC-627C-45D6-B073-3EE3307BB182}: NameServer = 160.218.161.60 194.228.211.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E76A8FC-627C-45D6-B073-3EE3307BB182}: NameServer = 160.218.161.60 194.228.211.33
O17 - HKLM\System\CS2\Services\Tcpip\..\{1E76A8FC-627C-45D6-B073-3EE3307BB182}: NameServer = 160.218.161.60 194.228.211.33
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: DEBridge - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: HP Health Check Service - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (file missing)
O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\system\uArcCapture.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10087 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
"c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe"
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system\uArcCapture.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\wbem\wmiprvse.exe
"c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe"
"taskhost.exe"
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" /hidden
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
C:\windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe" /watchfiles startup
"C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"
{F9F4EAAF-907D-41ED-AC61-596858C9A001}
{B300105B-53FE-4B78-AD57-69F521E1401C}
{96EEE09D-08CD-4F75-9F1C-4C4791586693}
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-710161fa-49b0-4434-bb3b-de0cb37f50e5 -SystemEventPortName:HostProcess-2b954817-43ee-421e-97d7-6c722f2bbc52 -IoCancelEventPortName:HostProcess-f595b2e8-7d05-4bdf-8d21-5e3dd5a99b58 -NonStateChangingEventPortName:HostProcess-9424b3cd-5d8e-4e35-9e30-46bb177a4575 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:c4316626-01f1-4656-b739-d38e0e6e6f84
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
C:\windows\SysWOW64\DllHost.exe /Processid:{B366DEBE-645B-43A5-B865-DDD82C345492}
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\servicing\TrustedInstaller.exe
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe"
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
C:\windows\system32\sppsvc.exe
"C:\Users\vlado\Desktop\RSITx64.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" /hidden
C:\windows\System32\svchost.exe -k WerSvcGroup
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe" "<hpNotification><Toast><Title>HP Wireless Assistant</Title><Text>Combo: Off</Text><IconPath>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WA_tray_32_off.ico</IconPath><ID>1238899983</ID><Path>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe</Path><Parameters></Parameters></Toast></hpNotification>"
"C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE" /n /dde
C:\windows\splwow64.exe 2
"C:\windows\system32\wuauclt.exe"
======Scheduled tasks folder======
C:\windows\tasks\HPCeeScheduleForvlado.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
HP ProtectTools Security Manager Extension - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2009-12-03 2187528]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2010-11-08 520192]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
HP ProtectTools Security Manager Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2009-12-03 1471752]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-12-04 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2010-11-08 520192]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"=C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2010-06-19 1691192]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-04 2174760]
"HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-04-05 8192]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-08-12 2916584]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2010-11-10 166424]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2010-11-10 390680]
"Persistence"=C:\windows\system32\igfxpers.exe [2010-11-10 410136]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-01-30 35736]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DTRun]
c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-11-05 283160]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2010-12-20 443728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2011-01-31 703360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QLBController]
C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [2010-03-01 256056]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-11-05 283160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2010-11-10 268800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\windows\system32\webcheck.dll [2009-07-14 290304]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=1
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.txt - open -
======List of files/folders created in the last 1 months======
2011-02-15 22:56:03 ----D---- C:\rsit
2011-02-15 21:01:51 ----SHD---- C:\Config.Msi
2011-02-14 14:07:44 ----A---- C:\windows\system32\mshtml.dll
2011-02-14 14:07:43 ----A---- C:\windows\SYSWOW64\mshtml.dll
2011-02-14 14:07:38 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2011-02-14 14:07:37 ----A---- C:\windows\SYSWOW64\mstime.dll
2011-02-14 14:07:37 ----A---- C:\windows\SYSWOW64\iedkcs32.dll
2011-02-14 14:07:37 ----A---- C:\windows\system32\mstime.dll
2011-02-14 14:07:37 ----A---- C:\windows\system32\msfeeds.dll
2011-02-14 14:07:37 ----A---- C:\windows\system32\iedkcs32.dll
2011-02-14 14:07:36 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2011-02-14 14:07:36 ----A---- C:\windows\SYSWOW64\msfeedssync.exe
2011-02-14 14:07:36 ----A---- C:\windows\SYSWOW64\msfeedsbs.dll
2011-02-14 14:07:36 ----A---- C:\windows\SYSWOW64\licmgr10.dll
2011-02-14 14:07:36 ----A---- C:\windows\SYSWOW64\iertutil.dll
2011-02-14 14:07:36 ----A---- C:\windows\SYSWOW64\iepeers.dll
2011-02-14 14:07:36 ----A---- C:\windows\system32\mshtmled.dll
2011-02-14 14:07:36 ----A---- C:\windows\system32\msfeedssync.exe
2011-02-14 14:07:36 ----A---- C:\windows\system32\msfeedsbs.dll
2011-02-14 14:07:36 ----A---- C:\windows\system32\licmgr10.dll
2011-02-14 14:07:36 ----A---- C:\windows\system32\iertutil.dll
2011-02-14 14:07:36 ----A---- C:\windows\system32\iepeers.dll
2011-02-14 13:41:32 ----A---- C:\windows\system32\ntoskrnl.exe
2011-02-14 13:41:31 ----A---- C:\windows\SYSWOW64\ntdll.dll
2011-02-14 13:41:31 ----A---- C:\windows\system32\ntdll.dll
2011-02-14 13:41:30 ----A---- C:\windows\SYSWOW64\ntoskrnl.exe
2011-02-14 13:41:30 ----A---- C:\windows\SYSWOW64\ntkrnlpa.exe
2011-02-14 13:40:17 ----A---- C:\windows\SYSWOW64\upnp.dll
2011-02-14 13:40:17 ----A---- C:\windows\system32\urlmon.dll
2011-02-14 13:40:17 ----A---- C:\windows\system32\upnp.dll
2011-02-14 13:40:17 ----A---- C:\windows\system32\msxml6.dll
2011-02-14 13:40:17 ----A---- C:\windows\system32\msxml3.dll
2011-02-14 13:40:16 ----A---- C:\windows\SYSWOW64\urlmon.dll
2011-02-14 13:40:16 ----A---- C:\windows\system32\wininet.dll
2011-02-14 13:40:15 ----A---- C:\windows\SYSWOW64\wininet.dll
2011-02-14 13:40:15 ----A---- C:\windows\SYSWOW64\msxml6.dll
2011-02-14 13:40:15 ----A---- C:\windows\SYSWOW64\msxml3.dll
2011-02-14 13:40:15 ----A---- C:\windows\system32\winhttp.dll
2011-02-14 13:40:15 ----A---- C:\windows\system32\WebClnt.dll
2011-02-14 13:40:15 ----A---- C:\windows\system32\davclnt.dll
2011-02-14 13:40:14 ----A---- C:\windows\SYSWOW64\WebClnt.dll
2011-02-14 13:40:14 ----A---- C:\windows\SYSWOW64\ieframe.dll
2011-02-14 13:40:14 ----A---- C:\windows\system32\wscapi.dll
2011-02-14 13:40:13 ----A---- C:\windows\SYSWOW64\wscapi.dll
2011-02-14 13:40:13 ----A---- C:\windows\SYSWOW64\winhttp.dll
2011-02-14 13:40:13 ----A---- C:\windows\SYSWOW64\slwga.dll
2011-02-14 13:40:13 ----A---- C:\windows\SYSWOW64\davclnt.dll
2011-02-14 13:40:13 ----A---- C:\windows\system32\wscsvc.dll
2011-02-14 13:40:13 ----A---- C:\windows\system32\slwga.dll
2011-02-14 13:40:13 ----A---- C:\windows\system32\ieframe.dll
2011-02-10 23:38:14 ----D---- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2011-02-10 23:28:09 ----A---- C:\windows\system32\drivers\dxgmms1.sys
2011-02-10 23:28:09 ----A---- C:\windows\system32\drivers\dxgkrnl.sys
2011-02-10 23:28:09 ----A---- C:\windows\system32\cdd.dll
2011-02-10 23:28:03 ----A---- C:\windows\SYSWOW64\vbscript.dll
2011-02-10 23:28:03 ----A---- C:\windows\SYSWOW64\jscript.dll
2011-02-10 23:28:03 ----A---- C:\windows\system32\vbscript.dll
2011-02-10 23:28:03 ----A---- C:\windows\system32\jscript.dll
2011-02-10 23:25:39 ----A---- C:\windows\system32\winsrv.dll
2011-02-10 23:24:04 ----A---- C:\windows\system32\kerberos.dll
2011-02-10 23:24:03 ----A---- C:\windows\SYSWOW64\kerberos.dll
2011-02-10 23:23:08 ----A---- C:\windows\SYSWOW64\atmlib.dll
2011-02-10 23:23:08 ----A---- C:\windows\SYSWOW64\atmfd.dll
2011-02-10 23:23:08 ----A---- C:\windows\system32\atmlib.dll
2011-02-10 23:23:08 ----A---- C:\windows\system32\atmfd.dll
2011-02-10 23:22:39 ----A---- C:\windows\system32\win32k.sys
2011-02-09 15:22:17 ----D---- C:\windows\temp
2011-02-09 15:19:57 ----SHD---- C:\$RECYCLE.BIN
2011-02-09 13:41:41 ----A---- C:\windows\system32\drivers\cpuz134_x64.sys
2011-02-09 13:41:40 ----D---- C:\Program Files\CPUID
2011-02-08 22:23:03 ----D---- C:\Users\vlado\AppData\Roaming\Wireshark
2011-02-08 22:22:16 ----D---- C:\Program Files (x86)\WinPcap
2011-02-08 22:21:46 ----D---- C:\Program Files\Wireshark
2011-02-08 20:03:12 ----A---- C:\windows\SYSWOW64\drivers\mbamswissarmy.sys
2011-02-08 19:34:09 ----D---- C:\Program Files (x86)\Zone Labs
2011-02-08 19:34:00 ----D---- C:\ProgramData\CheckPoint
2011-02-08 19:33:59 ----D---- C:\windows\Internet Logs
2011-02-07 22:09:59 ----D---- C:\Program Files\trend micro
2011-02-07 21:28:58 ----D---- C:\Users\vlado\AppData\Roaming\Malwarebytes
2011-02-07 21:28:50 ----D---- C:\ProgramData\Malwarebytes
2011-02-07 21:28:46 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-07 21:28:46 ----A---- C:\windows\system32\drivers\mbam.sys
2011-02-07 21:13:00 ----D---- C:\Program Files (x86)\CCleaner
2011-02-06 20:17:03 ----D---- C:\Program Files (x86)\Microsoft Visual Studio
2011-02-04 21:39:00 ----A---- C:\windows\vbaddin.ini
2011-02-04 21:38:19 ----A---- C:\windows\ODBC.INI
2011-02-04 21:33:12 ----D---- C:\Program Files (x86)\Microsoft Works
2011-02-04 21:32:40 ----D---- C:\windows\PCHEALTH
2011-02-04 21:30:40 ----D---- C:\Program Files\GIMP-2.0
2011-01-31 15:35:09 ----D---- C:\Program Files (x86)\Maxis Broadband
2011-01-31 14:05:09 ----D---- C:\Program Files (x86)\Mobile Partner
2011-01-31 12:47:08 ----A---- C:\windows\system32\drivers\SWDUMon.sys
2011-01-31 12:47:03 ----D---- C:\Program Files (x86)\SlimDrivers
2011-01-29 12:12:07 ----A---- C:\windows\system32\drivers\VMM.sys
2011-01-25 17:37:52 ----D---- C:\Program Files (x86)\Microsoft Virtual PC
2011-01-25 16:02:51 ----A---- C:\windows\system32\drivers\sptd.sys
2011-01-20 22:10:59 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-01-20 22:10:28 ----D---- C:\ProgramData\Microsoft Help
2011-01-20 22:10:00 ----RD---- C:\MSOCache
2011-01-19 22:19:37 ----A---- C:\windows\system32\drivers\dtsoftbus01.sys
2011-01-19 22:19:31 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2011-01-19 22:18:55 ----D---- C:\Users\vlado\AppData\Roaming\DAEMON Tools Lite
2011-01-19 22:18:55 ----D---- C:\ProgramData\DAEMON Tools Lite
2011-01-18 17:02:47 ----D---- C:\Program Files (x86)\OnCourt
======List of files/folders modified in the last 1 months======
2011-02-15 22:56:52 ----D---- C:\windows\Prefetch
2011-02-15 22:55:54 ----D---- C:\windows\system32\config
2011-02-15 22:55:46 ----D---- C:\Windows
2011-02-15 22:54:03 ----D---- C:\ProgramData\HPQLOG
2011-02-15 22:53:57 ----A---- C:\windows\SYSWOW64\log.txt
2011-02-15 22:51:25 ----D---- C:\Program Files (x86)\Arcsoft
2011-02-15 22:49:50 ----D---- C:\windows\System32
2011-02-15 22:49:50 ----D---- C:\windows\inf
2011-02-15 22:49:50 ----A---- C:\windows\system32\PerfStringBackup.INI
2011-02-15 21:27:09 ----D---- C:\Users\vlado\AppData\Roaming\Skype
2011-02-15 21:23:50 ----D---- C:\windows\system32\Tasks
2011-02-15 21:02:16 ----SHD---- C:\windows\Installer
2011-02-15 16:11:32 ----D---- C:\windows\winsxs
2011-02-15 16:03:55 ----D---- C:\Users\vlado\AppData\Roaming\skypePM
2011-02-15 15:37:37 ----D---- C:\Program Files (x86)\Common Files
2011-02-15 15:14:16 ----D---- C:\Program Files (x86)\Nokia
2011-02-15 14:52:16 ----D---- C:\ProgramData\Installations
2011-02-15 14:22:40 ----D---- C:\windows\system32\drivers
2011-02-15 14:22:39 ----D---- C:\windows\system32\DriverStore
2011-02-15 14:22:39 ----D---- C:\windows\system32\catroot
2011-02-15 14:22:14 ----D---- C:\Users\vlado\AppData\Roaming\PC Suite
2011-02-14 17:58:02 ----RSD---- C:\windows\assembly
2011-02-14 17:57:50 ----D---- C:\Program Files (x86)\Hewlett-Packard
2011-02-14 17:57:21 ----SHD---- C:\System Volume Information
2011-02-14 17:53:23 ----D---- C:\windows\debug
2011-02-14 14:18:43 ----D---- C:\windows\SysWOW64
2011-02-14 14:18:43 ----D---- C:\Program Files\Internet Explorer
2011-02-14 14:18:43 ----D---- C:\Program Files (x86)\Internet Explorer
2011-02-14 14:09:25 ----A---- C:\windows\system32\MRT.exe
2011-02-14 13:37:10 ----D---- C:\windows\system32\catroot2
2011-02-10 23:38:14 ----D---- C:\Program Files (x86)
2011-02-10 22:06:47 ----D---- C:\windows\system32\drivers\etc
2011-02-10 22:06:28 ----D---- C:\windows\Globalization
2011-02-10 13:10:50 ----D---- C:\Users\vlado\AppData\Roaming\Rynga
2011-02-09 15:20:01 ----A---- C:\windows\system.ini
2011-02-09 15:17:40 ----D---- C:\windows\SYSWOW64\drivers
2011-02-09 15:17:40 ----D---- C:\windows\AppPatch
2011-02-09 15:17:40 ----D---- C:\Program Files\Common Files
2011-02-09 14:38:18 ----A---- C:\windows\win.ini
2011-02-09 13:41:40 ----D---- C:\Program Files
2011-02-08 22:21:55 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-02-08 19:34:00 ----D---- C:\ProgramData
2011-02-08 15:11:57 ----D---- C:\windows\Tasks
2011-02-08 15:09:19 ----D---- C:\Users\vlado\AppData\Roaming\Media Player Classic
2011-02-06 23:42:15 ----D---- C:\Users\vlado\AppData\Roaming\Nokia
2011-02-06 23:31:29 ----D---- C:\windows\tracing
2011-02-06 20:28:37 ----D---- C:\Users\vlado\AppData\Roaming\LangSoft
2011-02-06 20:28:36 ----D---- C:\ProgramData\LangSoft
2011-02-06 20:28:36 ----A---- C:\windows\TRNCOM.INI
2011-02-06 20:26:25 ----D---- C:\windows\ShellNew
2011-02-06 20:17:20 ----D---- C:\Program Files (x86)\MSBuild
2011-02-06 20:16:40 ----D---- C:\Program Files (x86)\Microsoft Office
2011-02-06 20:16:36 ----RSD---- C:\windows\Fonts
2011-02-06 20:16:24 ----SD---- C:\Users\vlado\AppData\Roaming\Microsoft
2011-02-06 20:16:24 ----SD---- C:\ProgramData\Microsoft
2011-02-06 20:13:01 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-02-06 18:58:51 ----D---- C:\Users\vlado\AppData\Roaming\BitTorrent
2011-02-04 21:36:59 ----D---- C:\Program Files\Hewlett-Packard
2011-02-04 21:32:40 ----D---- C:\Program Files (x86)\Microsoft.NET
2011-01-31 21:55:34 ----D---- C:\Users\vlado\AppData\Roaming\BSplayer PRO
2011-01-31 12:51:31 ----D---- C:\Program Files\Microsoft Office
2011-01-31 12:51:10 ----D---- C:\Users\vlado\AppData\Roaming\SoftGrid Client
2011-01-30 17:43:39 ----D---- C:\Users\vlado\AppData\Roaming\IObit
2011-01-24 19:51:17 ----D---- C:\windows\system32\NDF
2011-01-21 19:37:09 ----D---- C:\windows\system32\drivers\UMDF
2011-01-20 21:54:27 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-01-20 12:04:52 ----A---- C:\windows\SYSWOW64\PerfStringBackup.INI
2011-01-19 19:43:48 ----D---- C:\Program Files\DIFX
2011-01-19 19:42:56 ----D---- C:\swsetup
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2010-07-16 30008]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2010-11-05 438808]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 SafeBoot;SafeBoot; C:\windows\system32\drivers\SafeBoot.sys [2009-12-16 56648]
R0 SbAlg;SbAlg; C:\windows\system32\drivers\SbAlg.sys [2009-06-04 60160]
R0 SbFsLock;SbFsLock; C:\windows\system32\drivers\SbFsLock.sys [2009-12-16 15688]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2011-01-25 834544]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-19 254528]
R1 ehdrv;ehdrv; C:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
R1 RsvLock;RsvLock; C:\windows\system32\drivers\RsvLock.sys [2009-12-16 58184]
R1 vmm;Virtual Machine Monitor; \??\C:\windows\system32\Drivers\vmm.sys [2011-01-29 294232]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 cpuz134;cpuz134; \??\C:\windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
R2 eamonm;eamonm; C:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 168544]
R2 epfw;epfw; C:\windows\system32\DRIVERS\epfw.sys [2010-07-29 171152]
R2 epfwwfp;epfwwfp; C:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 50624]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\windows\system32\DRIVERS\Accelerometer.sys [2010-07-16 43320]
R3 Afc;PPdus ASPI Shell; C:\windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver; C:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2009-12-04 32640]
R3 Epfwndis;Eset Personal Firewall; C:\windows\system32\DRIVERS\Epfwndis.sys [2010-07-29 33632]
R3 HECIx64;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2010-02-16 25912]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2010-11-10 7778176]
R3 Impcd;Impcd; C:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\windows\system32\DRIVERS\netr28x.sys [2010-06-29 931168]
R3 nmwcd;Nokia USB Phone Parent Driver; C:\windows\system32\drivers\ccdcmbx64.sys [2010-07-30 19456]
R3 nmwcdc;Nokia USB Communication Driver; C:\windows\system32\drivers\ccdcmbox64.sys [2010-07-30 26624]
R3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-11 408680]
R3 rtsuvc;HP Webcam [2 MP Fixed]; C:\windows\system32\DRIVERS\rtsuvc.sys [2010-02-05 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-06-04 1379376]
R3 upperdev;upperdev; C:\windows\system32\DRIVERS\usbser_lowerfltx64.sys [2010-07-30 9216]
R3 usbser;USB Modem Driver; C:\windows\system32\drivers\usbser.sys [2009-07-14 32768]
R3 UsbserFilt;UsbserFilt; C:\windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2010-07-30 9216]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\windows\system32\DRIVERS\VMNetSrv.sys [2007-01-29 79760]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BthEnum;Bluetooth Enumerator Service; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2010-06-24 552448]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2010-06-24 80384]
S3 btmaudio;Motorola Bluetooth Audio Service; C:\windows\system32\drivers\btmaud.sys []
S3 BTMCOM;Bluetooth Serial Port; C:\windows\System32\Drivers\btmcom.sys []
S3 BTMMODEM;Bluetooth Modem Device; C:\windows\system32\DRIVERS\btmcom.sys []
S3 BTMNET;Motorola Bluetooth Network Adapter Service; C:\windows\system32\DRIVERS\btmnet.sys []
S3 DAMDrv;DAMDrv; C:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\windows\system32\DRIVERS\ewusbmdm.sys []
S3 nmwcdnsucx64;Nokia USB Flashing Generic; C:\windows\system32\drivers\nmwcdnsucx64.sys [2010-07-26 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\windows\system32\drivers\nmwcdnsux64.sys [2010-07-26 171008]
S3 NPF;NetGroup Packet Filter Driver; C:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S3 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 pwdrvio;pwdrvio; \??\C:\windows\syswow64\pwdrvio.sys []
S3 pwdspio;pwdspio; \??\C:\windows\syswow64\pwdspio.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2010-10-29 250984]
S3 sdbus;sdbus; C:\windows\system32\DRIVERS\sdbus.sys [2009-07-14 109056]
S3 STHDA;IDT High Definition Audio CODEC; C:\windows\system32\DRIVERS\stwrt64.sys [2010-03-17 505856]
S3 SWDUMon;SWDUMon; C:\windows\system32\DRIVERS\SWDUMon.sys [2011-01-31 13920]
S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2009-11-25 462088]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-08-12 810144]
R2 HP Power Assistant Service;HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-06-19 103992]
R2 HP ProtectTools Service;HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-11-18 36864]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-06-25 92216]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-12-16 281192]
R2 hpHotkeyMonitor;HP Hotkey Monitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2009-07-08 30520]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-06-17 73728]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-11-04 268824]
R2 uArcCapture;ArcCapture; C:\windows\system\uArcCapture.exe [2009-12-04 506472]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
R3 DEBridge;DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2009-12-16 704512]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2010-06-25 665656]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2010-12-08 628736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe []
S2 vcsFPService;Validity VCS Fingerprint Service; C:\windows\system32\vcsFPService.exe [2009-12-14 2019120]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-08-12 42360]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\SysWOW64\flcdlock.exe [2009-11-17 362040]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2010-06-25 117264]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-11-15 1255736]
-----------------EOF-----------------
Přispějete na provoz fóra?